zoho-assist
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a legitimate integration utility with no detected malicious patterns or obfuscation.
- [COMMAND_EXECUTION]: Uses the
membraneCLI tool for API interaction and workflow automation, which is the intended purpose of the skill. - [EXTERNAL_DOWNLOADS]: Recommends the installation of
@membranehq/cli, a trusted package provided by the skill author for platform interaction. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing data from Zoho Assist. 1. Ingestion points: Data from actions and proxy requests. 2. Boundary markers: None specified. 3. Capability inventory: Command execution and network requests via the Membrane CLI. 4. Sanitization: No explicit sanitization of API data is performed.
Audit Metadata