zoho-sign
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the NPM registry to interact with the Membrane platform. This is a vendor-provided tool.
- [COMMAND_EXECUTION]: Utilizes the `membrane` command-line tool for authentication, connection management, and executing Zoho Sign API actions.
- [PROMPT_INJECTION]: The skill processes data from external Zoho Sign API responses, which presents a surface for potential indirect prompt injection.
  1. Ingestion points: Data retrieved via `membrane action run` or `membrane request` from Zoho Sign APIs (SKILL.md).
  2. Boundary markers: Absent; the instructions do not specify delimiters to isolate external data.
  3. Capability inventory: Shell command execution via the `membrane` CLI tool (SKILL.md).
  4. Sanitization: Absent; no explicit validation or filtering of API responses is defined.
Audit Metadata