Skills
skills/zeabur/zeabur-claude-plugin/zeabur-server-list/Gen Agent Trust Hub

zeabur-server-list

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Zeabur CLI (npx zeabur@latest) to perform server management operations such as listing, getting details, and rebooting servers.
  • [EXTERNAL_DOWNLOADS]: The use of npx facilitates the download and execution of the zeabur package from the npm registry. This is the official tool from the vendor 'zeabur'.
  • [REMOTE_CODE_EXECUTION]: The skill enables remote command execution on dedicated servers via the zeabur server ssh command. This is a core administrative feature for the intended use case.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing output from remote SSH sessions (e.g., MOTD or command results), which could theoretically contain instructions intended to influence the agent.
  • Ingestion points: Remote server output and MOTD banners ingested via npx zeabur@latest server ssh in SKILL.md.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for remote output.
  • Capability inventory: Subprocess execution via npx and shell piping in SKILL.md.
  • Sanitization: Suggests basic text filtering (grep) for MOTD usability, but lacks security-focused sanitization of remote data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 06:55 AM