zerotier

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform network operations, such as creating connections and running actions. These are legitimate uses of CLI tooling for the specified service.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the @membranehq/cli global package via npm. This is a vendor-provided tool necessary for the skill's operation.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests data from ZeroTier (such as member names, network descriptions, or API responses).
      • Ingestion points: Data returned from membrane action run and membrane request commands as described in SKILL.md.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or specific safety instructions when processing the external data.
      • Capability inventory: The agent can execute CLI commands (membrane) and perform network requests via the Membrane proxy as noted in SKILL.md.
      • Sanitization: Absent. The skill does not describe any sanitization or validation logic for the data retrieved from the ZeroTier API.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 11:19 PM