Gen Agent Trust Hub audit: zilliz (skills/zilliztech/zilliz-skill)

Verdict: Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs zilliz-cli by downloading a shell script from the vendor's repository and piping it straight into bash, so the script runs as fetched, without being inspected or pinned to a known digest.
      • Evidence: curl -fsSL https://raw.githubusercontent.com/zilliztech/zilliz-cli/master/install.sh | bash in SKILL.md and references/setup.md.
      • Context: The script is hosted on the official GitHub repository of zilliztech, which is the author of both the skill and the CLI tool.
  • [COMMAND_EXECUTION]: The skill works by having the agent execute shell commands through zilliz-cli to interact with Zilliz Cloud services.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection attack surface because untrusted user data is interpolated directly into shell command strings.
      • Ingestion points: User-supplied data is passed to CLI arguments such as --data, --filter, --search, and --body in references/vector.md, references/collection.md, and references/partition.md.
      • Boundary markers: Absent. Nothing instructs the agent to treat this data as non-executable or to wrap it in specific delimiters.
      • Capability inventory: The skill has shell execution through zilliz-cli and file-read capability, as shown by the use of $(cat data.json) in references/vector.md.
      • Sanitization: Absent. The instructions include no step to sanitize, escape, or quote user input before it is placed in a command string.
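The two findings above come down to one habit: letting a string that an attacker may influence be parsed by a shell. The following added example (it is not code from the skill, from zilliz-cli, or from the audit) shows why the interpolation pattern is injectable and the two constructions that are not, and adds the digest gate a reviewer would want in front of the curl | bash installer step. Assumptions: /bin/echo stands in for the real zilliz-cli binary so the block runs offline and simply prints the argv it receives; the `vector query --filter` layout is illustrative; the installer bytes and the pinned SHA-256 are constructed here, not the real install.sh digest.

```python
"""Shell-injection via interpolated CLI arguments, with safe alternatives.

Added example for the audit findings above; not part of the zilliz skill
or of zilliz-cli. `echo` stands in for the CLI (assumption) so that the
effect of each construction is visible in its printed argv.
"""
import hashlib
import hmac
import shlex
import subprocess

CLI = "echo"  # stand-in for zilliz-cli: prints its argv and nothing else

# Constructed attacker-controlled values of the kind an agent might read
# from a document or tool result and forward to --filter.
QUOTE_BREAKOUT_FILTER = 'id > 0" ; echo INJECTED ; echo "'
SUBSTITUTION_FILTER = "id > 0 $(echo EXPANDED)"


def unsafe_command_string(filter_expr: str) -> str:
    """The pattern the skill's docs imply: paste the value into one shell
    line. A double quote inside filter_expr ends the argument and the rest
    of the value is parsed as further shell syntax."""
    return f'{CLI} vector query --filter "{filter_expr}"'


def safe_argv(filter_expr: str) -> list[str]:
    """No shell at all: the value is a single argv element and is never
    re-parsed, whatever characters it contains."""
    return [CLI, "vector", "query", "--filter", filter_expr]


def quoted_command_string(filter_expr: str) -> str:
    """If a single shell line is unavoidable (an agent that can only emit
    text), shell-quote every token so the value survives parsing as
    exactly one argument."""
    return shlex.join(safe_argv(filter_expr))


def run_unsafe(filter_expr: str) -> list[str]:
    """Run the interpolated string through /bin/sh, as an agent shell tool
    typically does. Returns the lines the stand-in CLI printed."""
    res = subprocess.run(unsafe_command_string(filter_expr), shell=True,
                         capture_output=True, text=True, check=True)
    return res.stdout.splitlines()


def run_quoted(filter_expr: str) -> list[str]:
    """Same shell, but the shlex-quoted line."""
    res = subprocess.run(quoted_command_string(filter_expr), shell=True,
                         capture_output=True, text=True, check=True)
    return res.stdout.splitlines()


def run_safe(filter_expr: str) -> list[str]:
    """Exec the argv directly; no shell is involved."""
    res = subprocess.run(safe_argv(filter_expr),
                         capture_output=True, text=True, check=True)
    return res.stdout.splitlines()


# Gate for the installer step. SAMPLE_INSTALLER and PINNED_SHA256 are
# constructed for this example; in practice the pinned value is the SHA-256
# of a reviewed install.sh, recorded in the skill rather than fetched along
# with the script.
SAMPLE_INSTALLER = b"#!/bin/sh\necho 'installing zilliz-cli'\n"
PINNED_SHA256 = hashlib.sha256(SAMPLE_INSTALLER).hexdigest()


def installer_is_trusted(script: bytes, pinned_sha256: str) -> bool:
    """Refuse to execute a downloaded installer whose digest does not match
    the pinned one. Replaces `curl ... | bash` with download, verify, run."""
    actual = hashlib.sha256(script).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256)


if __name__ == "__main__":
    for name, fn in (("interpolated", run_unsafe),
                     ("shlex-quoted", run_quoted),
                     ("argv", run_safe)):
        print(f"{name}: {fn(QUOTE_BREAKOUT_FILTER)}")
        print(f"{name}: {fn(SUBSTITUTION_FILTER)}")
    print("installer trusted:",
          installer_is_trusted(SAMPLE_INSTALLER, PINNED_SHA256))
    print("tampered trusted:",
          installer_is_trusted(SAMPLE_INSTALLER + b"curl x | sh\n", PINNED_SHA256))
```

With the interpolated string, the quote-breakout value turns one command into three and the `$(...)` value is expanded by the shell before the CLI ever sees it, which is exactly the path the audit's `$(cat data.json)` observation points at: a value from a document can read a file the agent has access to. The argv and shlex.join forms hand the CLI the literal text. Note the caveat: argument-safe passing closes the shell-injection path only. An injected filter that is syntactically harmless but semantically broad (one that matches every entity before a delete) still drives a destructive operation, so the skill would also need the boundary instructions the audit finds absent, telling the agent to treat document and tool-result text as data and to confirm destructive operations.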
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:58 AM