ziniao-workflow-batch-account

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands using the ziniao-cli utility to fetch data and perform API operations.
  • [EXTERNAL_DOWNLOADS]: The skill specifies a dependency on the external binary ziniao-cli in its metadata.
  • [DATA_EXFILTRATION]: The skill requires reading potentially sensitive organizational data, including employee lists and shop account identifiers, into the agent's context to process the workflow.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface where untrusted data from tool outputs is used to drive further actions. 1. Ingestion points: Output from ziniao-cli staff list and account list commands in SKILL.md. 2. Boundary markers: No delimiters or warnings are used to isolate ingested data. 3. Capability inventory: The agent can execute arbitrary API calls through the ziniao-cli tool. 4. Sanitization: There is no instruction to sanitize or validate the data retrieved from the listing commands before using it in API requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:31 AM