zoho-expense
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the official Membrane CLI tool from the NPM registry (
@membranehq/cli@latest) to facilitate account management and tool execution. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI to perform various operations, including authentication (membrane login), connection management (membrane connect), and running integration actions (membrane action run). - [DYNAMIC_EXECUTION]: Includes a feature to dynamically generate new integration capabilities (
membrane action create) based on natural language descriptions provided at runtime. - [PROMPT_INJECTION]: The skill processes untrusted user input through the
--intentand--descriptionflags to discover or build executable actions, which serves as a potential surface for indirect prompt injection.
Audit Metadata