zcl
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the 'zcl' CLI tool and allows for arbitrary shell command execution through the '-- ' argument in its process fallback path. This behavior is the intended primary function of the orchestration workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes external configuration and mission data.
  * Ingestion points: Data is ingested from files such as 'suite.yaml', 'suite.json', 'campaign.yaml', and 'campaign.json'.
  * Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands within the ingested configuration files.
  * Capability inventory: The skill has the capability to execute the 'zcl' binary and any user-specified runner commands in a shell environment.
  * Sanitization: The skill description does not mention any validation or sanitization of the input files before they are used to drive the orchestration logic.