zeta
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Membrane CLI tool (
@membranehq/cli) from the public npm registry. This is a vendor-owned package used to facilitate the integration. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to manage authentication, discover available Zeta actions, and execute requests against the Zeta API. These commands are part of the intended functionality for interacting with the Membrane platform. - [PROMPT_INJECTION]: The skill processes external data from Zeta (such as documents, search results, and action outputs). While this represents a potential surface for indirect prompt injection, the skill encourages the use of pre-built actions which typically include structured data handling to mitigate these risks.
Audit Metadata