zoho-commerce
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from Zoho Commerce (such as products, orders, and customer records), creating a surface for indirect prompt injection if an attacker controls content within those records.
  - Ingestion points: Data retrieved via `membrane action list`, `membrane action run`, and `membrane request` (SKILL.md).
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: The skill can perform write operations and API requests using `membrane action run` and `membrane request` (SKILL.md).
  - Sanitization: No specific data validation or sanitization steps are documented.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI package `@membranehq/cli` from the npm registry. This is the official tool provided by the skill's authoring organization.
Audit Metadata