ziniao-workflow-batch-account
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands using the ziniao-cli utility to fetch data and perform API operations.
- [EXTERNAL_DOWNLOADS]: The skill specifies a dependency on the external binary ziniao-cli in its metadata.
- [DATA_EXFILTRATION]: The skill requires reading potentially sensitive organizational data, including employee lists and shop account identifiers, into the agent's context to process the workflow.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface where untrusted data from tool outputs is used to drive further actions. 1. Ingestion points: Output from ziniao-cli staff list and account list commands in SKILL.md. 2. Boundary markers: No delimiters or warnings are used to isolate ingested data. 3. Capability inventory: The agent can execute arbitrary API calls through the ziniao-cli tool. 4. Sanitization: There is no instruction to sanitize or validate the data retrieved from the listing commands before using it in API requests.
Audit Metadata