zai-cli

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run npx zai-cli, which downloads and executes a package from the public npm registry at runtime. This package is not from a verified or trusted organization.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute the zai-cli commands for its primary functions, including vision analysis, web searching, and repository exploration.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing workflows.
    • Ingestion points: Untrusted content is ingested from the live web (via search and reader), visual media (via vision), and external GitHub repositories.
    • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between the skill's instructions and the external data being processed.
    • Capability inventory: The skill possesses extensive capabilities, including Bash(cmd:*), WebFetch, and file modification tools (Write, Edit), creating a high-impact surface for malicious instructions.
    • Sanitization: There is no evidence of validation or sanitization of the external content before it is processed by the AI.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 03:46 PM