zep-cli
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the
zepCLI tool to perform platform operations like listing experiments, submitting runs, and managing authentication tokens. It assumes the tool is either in the system PATH or executed viapoetry run. - [CREDENTIALS_UNSAFE]: The skill provides instructions for handling sensitive information, including API tokens (
ZEP_TOKEN), API keys (ZEP_API_KEY), and local configuration files (~/.zep/config.json). It correctly advises setting these via environment variables and explicitly warns against echoing raw tokens into logs or chat interfaces. - [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by ingesting untrusted data from the platform (such as experiment names, run lists, or dataset content) that could contain malicious instructions. However, the risk is mitigated by explicit instructions to always show the target workspace and obtain user confirmation before performing any mutating commands (submit, cancel, or delete).
Audit Metadata