z-ai-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill documentation describes network requests to the domain 'api.z.ai' for API interactions. This domain is not included in the trusted whitelist, though contacting it is the primary function of the skill.
- [Indirect Prompt Injection] (LOW): The skill includes features for ingesting untrusted data from external URLs and web search results, which establishes a surface for indirect prompt injection attacks.
  1. Ingestion points: References to 'image_url', 'video_url', and 'file_url' in 'references/chat-completions.md', as well as the 'web_search' and 'retrieval' tools in 'references/tools-and-functions.md'.
  2. Boundary markers: Absent. The provided documentation and examples do not include instructions or markers to distinguish untrusted external content from system instructions.
  3. Capability inventory: The skill enables network access to the Z.ai API and provides instructions for tool execution based on model outputs.
  4. Sanitization: No sanitization or validation of external content is described in the provided reference materials.