zoho-workdrive
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI (
membrane) to interact with Zoho WorkDrive, including managing connections and running actions. These operations are standard for the integration and restricted to the platform's environment. - [EXTERNAL_DOWNLOADS]: The skill suggests installing the
@membranehq/clipackage. This is a legitimate tool provided by the vendor and is necessary for the skill's functionality. - [PROMPT_INJECTION]: The skill processes external data from Zoho WorkDrive, which represents a surface for indirect prompt injection.
- Ingestion points: Data retrieved through
membrane action runandmembrane requestin SKILL.md. - Boundary markers: No delimiters or specific ignore instructions are present.
- Capability inventory: The agent has the capability to execute shell commands via the
membraneCLI. - Sanitization: The instructions do not specify any sanitization or validation for data fetched from the API.
Audit Metadata