Skills
skills/membranedev/application-skills/zoho-mail/Gen Agent Trust Hub

zoho-mail

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli tool from the official NPM registry. This is a vendor-supplied utility used to facilitate the integration.\n- [COMMAND_EXECUTION]: Instructs the agent to use the membrane command-line interface for authenticating with Zoho, searching for available actions, and executing mail operations.\n- [PROMPT_INJECTION]: The skill is designed to retrieve external data such as email bodies and attachments, which is a potential surface for indirect prompt injection.\n
  • Ingestion points: get-email-content, list-emails, and search-emails functions (SKILL.md).\n
  • Boundary markers: Not specified in the skill instructions.\n
  • Capability inventory: Commands for running actions (membrane action run) and creating new actions based on descriptions (membrane action create) in SKILL.md.\n
  • Sanitization: Not explicitly implemented within the skill logic; relies on the underlying platform's handling of tool outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 06:12 AM