zernio
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its inbox management capabilities.
  - Ingestion points: untrusted data enters the agent context via src/commands/inbox.ts through commands that fetch messages, comments, and reviews from external social media platforms.
  - Boundary markers: absent; the tool outputs raw JSON content from these external sources without delimiters or instructions to ignore embedded commands.
  - Capability inventory: across the codebase, the tool possesses capabilities to read and write to the filesystem (src/utils/config.ts, src/commands/media.ts, src/commands/contacts.ts, src/commands/sequences.ts) and perform network operations (src/commands/auth.ts, src/commands/media.ts).
  - Sanitization: absent; external social media content is retrieved and passed directly into the output stream for processing by the agent.
- [SAFE]: The skill accesses ~/.zernio/config.json to store and retrieve authentication credentials. This is standard behavior for a CLI tool managing its own configuration.
- [SAFE]: The skill performs network requests to zernio.com and vendor-provided presigned URLs for media uploads. These operations are consistent with the tool's primary purpose and target the vendor's own infrastructure.
Audit Metadata