zoho-invoice

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation and usage of the @membranehq/cli package from the NPM registry. This tool is provided by the vendor to facilitate secure authentication and API interaction.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform administrative and data tasks, including searching for connectors, establishing connections, and running specific Zoho Invoice actions. These commands are scoped to the intended functionality of the skill.
  • [PROMPT_INJECTION]: The skill acts as a bridge to external data from Zoho Invoice, which introduces a surface for indirect prompt injection if retrieved records contain malicious instructions.
      • Ingestion points: Data enters the environment through membrane action run and membrane request commands.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat retrieved data as untrusted content.
      • Capability inventory: The skill can execute CLI commands to read and write data via the Zoho Invoice API.
      • Sanitization: No data validation or sanitization steps are defined within the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 11:34 PM