Skills
skills/jeremylongshore/claude-code-plugins-plus/zai-cli/Gen Agent Trust Hub

zai-cli

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx zai-cli to execute the core logic, which involves downloading and running code from the npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill requires Bash(cmd:*) permissions to run the zai-cli tool via npx for its various subcommands (vision, search, read, repo).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from several external sources, which could contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: Web search results, web page content (via reader), and external GitHub repositories (via repo subcommand) are ingested into the agent context in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's logic.
  • Capability inventory: The skill has access to Bash, WebFetch, Write, and Edit tools.
  • Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 12:42 PM