Skills
skills/membranedev/application-skills/zoho-workdrive/Gen Agent Trust Hub

zoho-workdrive

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli tool from npm, which is a verified package from the skill author (membranedev).
  • [COMMAND_EXECUTION]: Uses the membrane CLI for authentication and executing actions against the Zoho WorkDrive API. These operations are standard for the integration and occur over a secure channel.
  • [PROMPT_INJECTION]: The skill has an indirect injection surface as it ingests untrusted data from Zoho WorkDrive. Ingestion point: SKILL.md (via action output). Boundary markers: Absent. Sanitization: Not specified. Capabilities: CLI action execution and dynamic action creation. This is a common risk for skills that process external data.
  • [COMMAND_EXECUTION]: Allows for dynamic generation of integration logic on the author's platform via the membrane action create command, which is an intended feature of the service.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 11:40 AM