zoho-sheet
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to manage authentication, search for connectors, and execute API actions. These are standard operations for interacting with the Membrane platform. - [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is the official CLI tool provided by the vendor to facilitate platform integrations. - [DATA_EXFILTRATION]: The skill interacts with Zoho Sheet data through a secure proxy. It follows best practices by explicitly instructing the agent to never ask for user API keys and instead use the platform's connection management system to handle credentials server-side.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted data from external spreadsheets. While it lacks explicit boundary markers or sanitization instructions for this data, this is an inherent risk of the skill's primary function of data management and does not indicate malicious intent.
Audit Metadata