zenserp

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Finding tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the global NPM registry. This is the vendor's official command-line interface.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations including authentication (membrane login), connection management (membrane connect), and executing search actions (membrane action run).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted search results from Zenserp.
    1. Ingestion points: Data from Zenserp search actions enters the agent context.
    2. Boundary markers: No explicit delimiters or instructions are provided to the agent to treat result data as untrusted.
    3. Capability inventory: The skill has the ability to execute CLI commands and manage connections.
    4. Sanitization: No sanitization or validation of the search result content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 07:46 PM
Security Audit — agent-trust-hub — zenserp