zenkit
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from NPM. This is the official command-line tool provided by the vendor to facilitate the integration and manage connections. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to search for actions, run commands, and proxy requests to the Zenkit API. These operations are the intended primary purpose of the skill and are performed through a managed interface. - [CREDENTIALS_UNSAFE]: The skill demonstrates high security standards by explicitly advising against asking users for API keys or tokens. It uses a server-side connection model that handles authentication and credential refresh automatically without local secret exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from an external source (Zenkit), which presents a potential surface for indirect prompt injection if those records contain malicious instructions.
- Ingestion points: Zenkit records, items, and comments retrieved via CLI commands in
SKILL.md. - Boundary markers: Not present.
- Capability inventory: Execution of shell commands via the
membraneCLI. - Sanitization: Not specified in the skill instructions.
Audit Metadata