Skills
skills/zenzap-co/zenzap-public-openclaw-plugin/zenzap-onboarding/Gen Agent Trust Hub

zenzap-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the vendor-owned plugin '@zenzap-co/openclaw-plugin' and fetches extended API documentation from 'docs.zenzap.co'.
  • [COMMAND_EXECUTION]: Uses the 'openclaw' CLI to install plugins and configure workspace credentials with a generated connection token.
  • [PROMPT_INJECTION]: The skill establishes a polling mechanism that serves as an ingestion surface for indirect prompt injection from workspace messages.
  • Ingestion points: Step 5 polls the 'https://api.zenzap.co/v2/updates' endpoint for new workspace events.
  • Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate user-provided message content from instructions.
  • Capability inventory: The agent possesses the ability to create topics, read and write messages, and perform various API operations within the created workspace.
  • Sanitization: There is no description of sanitization or filtering logic applied to the data received from the updates endpoint.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 05:23 PM