zoho-sheet
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the '@membranehq/cli' package from the npm registry. This is a standard global installation of the vendor's command-line interface.
- [COMMAND_EXECUTION]: Utilizes the 'membrane' CLI to perform operations such as user authentication ('membrane login'), connection management ('membrane connect'), and spreadsheet data manipulation ('membrane action run' and 'membrane request'). All commands are within the scope of the skill's stated purpose.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting data from external Zoho Sheet spreadsheets.
  - Ingestion points: Data is fetched via 'membrane action run' and 'membrane request' commands that read sheet contents.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions within the spreadsheet data.
  - Capability inventory: The agent has the capability to execute shell commands ('membrane' CLI) and perform network requests through the Membrane proxy.
  - Sanitization: There is no mention of sanitizing or escaping the data retrieved from the spreadsheets before processing it.