zentao-cli

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the zentao-cli package from the official npm registry. This is a vendor-owned resource (Easysoft) and is consistent with the skill's purpose.
  • [REMOTE_CODE_EXECUTION]: The documentation includes the use of npx zentao-cli, which downloads and executes the latest version of the tool. As this targets the official vendor package on a well-known service, it is considered safe runtime behavior.
  • [COMMAND_EXECUTION]: The skill executes the zentao command-line utility to manage project data. It explicitly includes a --yes flag for deletion operations to facilitate autonomous agent workflows.
  • [CREDENTIALS_UNSAFE]: The skill documentation describes credential storage locations such as ~/.config/zentao/zentao.json and environment variables. Crucially, the instructions provide safety guidelines strictly forbidding the agent from reading these sensitive files or collecting passwords from users directly.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it ingests and displays data from external ZenTao records.
  • Ingestion points: Data returned from the ZenTao API via commands like zentao bug or zentao story (SKILL.md).
  • Boundary markers: Absent; instructions do not specify delimiters for external content in the agent's output.
  • Capability inventory: The agent can execute a wide range of CLI commands including creating, updating, and deleting data using the zentao tool.
  • Sanitization: No explicit sanitization or filtering of external content is mentioned in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 02:59 AM
Security Audit — agent-trust-hub — zentao-cli