Skills
skills/zhinjs/ai-skills/zhin-command-middleware/Gen Agent Trust Hub

zhin-command-middleware

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user data which could contain malicious instructions.
  • Ingestion points: message.$raw in addMiddleware and result.params.content in the echo command in SKILL.md.
  • Boundary markers: Absent in the provided code snippets.
  • Capability inventory: Logging via plugin.logger.info and message replies via message.$reply.
  • Sanitization: None demonstrated in the documentation snippets.
  • [Automated Scanner False Positive] (SAFE): The security alert regarding 'plugin.logger.info' is a misidentification of a standard framework method call as a malicious URL.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:38 PM