zeabur-domain-registrant
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes Zeabur CLI commands to manage domain registrant profiles and WHOIS metadata.
- [EXTERNAL_DOWNLOADS]: Fetches the official 'zeabur' CLI package from the NPM registry using npx to ensure the latest version is used.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided profile information such as names, addresses, and emails are interpolated into shell commands as flags without explicit sanitization.
- Ingestion points: User-controlled fields for the 'registrant create' and 'update' commands in SKILL.md.
- Boundary markers: None.
- Capability inventory: Execution of shell commands via npx.
- Sanitization: No validation or escaping of user-provided input is specified.
Audit Metadata