Skills
NYC
skills/vm0-ai/vm0-skills/reportei/Gen Agent Trust Hub

reportei

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses curl and jq to interact with the Reportei API. It utilizes bash -c to ensure environment variables are correctly passed to piped commands, which is a documented functional requirement and not a security bypass.
  • [CREDENTIALS_UNSAFE] (SAFE): The API token REPORTEI_API_TOKEN is properly managed via vm0_secrets. No hardcoded keys or passwords were found in the instructions.
  • [DATA_EXFILTRATION] (SAFE): All network activity is directed to the legitimate service domain app.reportei.com. There is no evidence of accessing sensitive local files (like SSH keys or AWS credentials) or exfiltrating data to untrusted endpoints.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill does not perform any external package installations (npm/pip) or execute remote scripts.
  • [PROMPT_INJECTION] (SAFE): The instructions are clear, descriptive, and do not contain any patterns intended to override agent safety protocols or system prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:08 PM