z-api
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is a standard utility provided by the vendor to manage integrations. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations such as authentication, connection management, and running API actions. These commands are necessary for the skill's primary function of integrating with Z-API. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external Z-API endpoints (e.g., customer details, orders, and action descriptions).
- Ingestion points: Output from the
membrane action listandmembrane action runcommands is ingested into the agent context (SKILL.md). - Boundary markers: No explicit boundary markers or delimiters are defined to separate external data from system instructions.
- Capability inventory: The skill has the ability to execute shell commands via the CLI and perform network operations through actions.
- Sanitization: There is no evidence of sanitization or validation of external data before it is interpolated into the agent's reasoning flow.
Audit Metadata