zoho-crm
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto perform REST API requests (GET and POST) andjqto process the resulting JSON data. These operations are essential to its function of managing CRM records and do not involve arbitrary or dangerous command execution. - [CREDENTIALS_UNSAFE]: Authentication is managed through the
ZOHO_ACCESS_TOKENenvironment variable. No hardcoded credentials, tokens, or secrets are present in the code. - [DATA_EXFILTRATION]: Network traffic is directed to the Zoho API endpoints defined by the
ZOHO_API_DOMAINenvironment variable. There are no attempts to send data to unknown or suspicious external domains. - [SAFE]: The skill follows least-privilege principles by requesting specific environment variables and uses well-known, standard utilities to perform its tasks.
Audit Metadata