zapier-status
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill's 'Audit' mode instructs the agent to read local configuration files, including '.cursor/mcp.json', 'claude_desktop_config.json', and '.mcp.json'. These files are used to store environment settings and authentication details for various AI tools and may contain sensitive credentials or API keys belonging to other services.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted content from tool metadata and local system configurations.
  - Ingestion points: External tool descriptions provided by the Zapier server and the contents of local configuration files (e.g., '.cursor/mcp.json').
  - Boundary markers: The skill lacks delimiters or specific instructions to the agent to disregard potential commands embedded within the audited configuration data.
  - Capability inventory: The skill can list available tools, read local system files, and call external Zapier actions, providing a path for ingested data to influence tool execution.
  - Sanitization: No validation or filtering is performed on the data retrieved from external tools or local files before it is used to generate reports or diagnostics.