zoho-analytics
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
@membranehq/clitool to perform operations. These commands are restricted to managing connections and executing actions within the Zoho Analytics environment via the Membrane platform. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clivia NPM. This is an official package provided by the platform vendor for interacting with their services. - [CREDENTIALS_UNSAFE]: The skill demonstrates positive security practices by explicitly advising against asking users for API keys or tokens, instead delegating all authentication lifecycle management to the Membrane platform server-side.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. All network communication is directed through the Membrane proxy to official Zoho Analytics endpoints.
- [INDIRECT_PROMPT_INJECTION]: The skill has a potential attack surface for indirect prompt injection as it ingests data from Zoho Analytics via
membrane action runandmembrane request. If the retrieved data contains malicious instructions that are subsequently processed by the agent without sanitization, it could influence agent behavior. However, this is an inherent risk of data-processing skills and no active exploit patterns were found.
Audit Metadata