zulip
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the 'membrane' CLI for all API interactions, including listing connections and running actions. This is the intended behavior for this platform.
- [EXTERNAL_DOWNLOADS]: Recommends installing '@membranehq/cli' from the official NPM registry. This package is owned by the skill's authoring organization.
- [CREDENTIALS_UNSAFE]: Explicitly instructs the agent to avoid asking users for API keys, instead relying on Membrane's managed connection system to handle authentication safely.
- [PROMPT_INJECTION]: The skill interacts with external data (Zulip messages) which represents a surface for indirect prompt injection. This is documented as a low-risk inherent property of messaging integrations with the following details:
- Ingestion points: Reads Zulip messages, topics, and stream data via the CLI.
- Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Can execute actions and proxy requests via 'membrane action run' and 'membrane request'.
- Sanitization: Not explicitly mentioned in the skill body.
Audit Metadata