zoho-survey
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI using
npm install -g @membranehq/cli@latest. This is a standard dependency for accessing the vendor's platform tools. - [COMMAND_EXECUTION]: Provides instructions for running various
membraneCLI commands for authentication, connection management, and action execution. These commands are integral to the skill's purpose and are directed at the vendor's official toolset. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against asking for API keys and instead using a managed connection through the Membrane platform.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network operations are performed via the Membrane CLI to interact with Zoho Survey services.
- [PROMPT_INJECTION]: The skill processes survey data and responses from Zoho Survey. While this constitutes a data ingestion surface for potential indirect prompt injection, it does not possess capabilities that would elevate the risk beyond standard application behavior.
Audit Metadata