zentao-cli
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the
zentao-clipackage from the official npm registry. This is a vendor-owned resource (Easysoft) and is consistent with the skill's purpose. - [REMOTE_CODE_EXECUTION]: The documentation includes the use of
npx zentao-cli, which downloads and executes the latest version of the tool. As this targets the official vendor package on a well-known service, it is considered safe runtime behavior. - [COMMAND_EXECUTION]: The skill executes the
zentaocommand-line utility to manage project data. It explicitly includes a--yesflag for deletion operations to facilitate autonomous agent workflows. - [CREDENTIALS_UNSAFE]: The skill documentation describes credential storage locations such as
~/.config/zentao/zentao.jsonand environment variables. Crucially, the instructions provide safety guidelines strictly forbidding the agent from reading these sensitive files or collecting passwords from users directly. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it ingests and displays data from external ZenTao records.
- Ingestion points: Data returned from the ZenTao API via commands like
zentao bugorzentao story(SKILL.md). - Boundary markers: Absent; instructions do not specify delimiters for external content in the agent's output.
- Capability inventory: The agent can execute a wide range of CLI commands including creating, updating, and deleting data using the
zentaotool. - Sanitization: No explicit sanitization or filtering of external content is mentioned in the instructions.
Audit Metadata