ziniao-store
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the execution of the
ziniao-clicommand-line tool. It uses several subcommands such asstore list,store open, andzclaw invoketo manage local browser sessions. These operations are conducted through a local bridge on127.0.0.1:9481and are consistent with the skill's stated purpose of store management within the Ziniao browser environment. - [DATA_EXFILTRATION]: Analysis of network operations shows communication is restricted to the local loopback interface (
127.0.0.1) for controlling the browser bridge. No unauthorized external network calls or exfiltration of sensitive files were identified. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data regarding store names and IDs, which represents a potential surface for indirect injection if that data is attacker-controlled. However, the capabilities are limited to local browser window management, and the risk is considered low and inherent to the functionality.
- Ingestion points: Store metadata retrieved via
ziniao-cli store listas documented inreferences/ziniao-store-list.md. - Boundary markers: The documentation does not specify the use of delimiters or warnings to ignore instructions embedded in store metadata.
- Capability inventory: The skill utilizes
ziniao-clito execute subprocess commands for browser control. - Sanitization: No explicit sanitization or validation of the ingested store names is mentioned.
Audit Metadata