zenkraft
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via npm. This is a vendor-owned resource for the Membrane platform and is necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to execute various shell commands for logging in, connecting to services, and listing or running actions. These are expected behaviors for a CLI-based integration.
- [REMOTE_CODE_EXECUTION]: The skill utilizes the `membrane action create` command, which allows the Membrane platform to automatically generate actions based on user descriptions. These actions are then executed via `membrane action run`. This functionality is part of the managed Membrane platform's core service.
- [PROMPT_INJECTION]: The skill ingests user-provided intent and parameters which are passed as arguments to the CLI commands. This represents an indirect prompt injection surface.
  * Ingestion points: User-provided strings for the `--intent` parameter in `membrane action list`, the description in `membrane action create`, and the JSON input in `membrane action run`.
  * Boundary markers: The use of structured JSON for action input parameters provides some separation between data and instructions.
  * Capability inventory: The skill can perform shipping and logistics operations (tracking, rating, labels, manifests) within the context of a Zenkraft connection.
  * Sanitization: Relies on the Membrane platform's internal processing of inputs received through its CLI.
Audit Metadata