ziniao-store

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed around the execution of the ziniao-cli command-line tool. It uses several subcommands such as store list, store open, and zclaw invoke to manage local browser sessions. These operations are conducted through a local bridge on 127.0.0.1:9481 and are consistent with the skill's stated purpose of store management within the Ziniao browser environment.
  • [DATA_EXFILTRATION]: Analysis of network operations shows communication is restricted to the local loopback interface (127.0.0.1) for controlling the browser bridge. No unauthorized external network calls or exfiltration of sensitive files were identified.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data regarding store names and IDs, which represents a potential surface for indirect injection if that data is attacker-controlled. However, the capabilities are limited to local browser window management, and the risk is considered low and inherent to the functionality.
  • Ingestion points: Store metadata retrieved via ziniao-cli store list as documented in references/ziniao-store-list.md.
  • Boundary markers: The documentation does not specify the use of delimiters or warnings to ignore instructions embedded in store metadata.
  • Capability inventory: The skill utilizes ziniao-cli to execute subprocess commands for browser control.
  • Sanitization: No explicit sanitization or validation of the ingested store names is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:44 AM