zenmux-setup
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides
curlandexportcommand examples to the user for configuration and connectivity testing. These are standard developer setup instructions and are not executed automatically by the agent without user intent. - [DATA_EXFILTRATION]: The skill communicates with official ZenMux endpoints (
zenmux.ai) for API services and documentation. These interactions are core to the skill's purpose as a vendor setup guide and do not involve unauthorized data transfer. - [CREDENTIALS_UNSAFE]: Configuration steps involve handling API keys, but the skill correctly uses placeholders (e.g.,
<your-zenmux-api-key>) and instructs users to store them securely in environment variables rather than hardcoding them. - [INDIRECT_PROMPT_INJECTION]: The skill reads from local documentation files in
.context/references/. While this constitutes an ingestion point for untrusted data if the references were to be poisoned, in this context, it represents reading vendor-provided documentation and is a standard platform feature with no evidence of malicious intent.
Audit Metadata