Skills
NYC
skills/vm0-ai/vm0-skills/streak/Gen Agent Trust Hub

streak

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill retrieves and processes data from external sources (Streak CRM) that may contain untrusted content such as email threads, comments, and task descriptions.
  • Ingestion points: Untrusted data enters the agent context via curl responses from endpoints like /v1/boxes/{boxKey}/threads, /v1/boxes/{boxKey}/comments, and /v1/search as defined in SKILL.md.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions embedded in the retrieved data.
  • Capability inventory: The skill uses bash -c to execute curl commands. While these are currently scoped to API interactions, an agent influenced by data injection could be tricked into malforming these requests or acting on malicious instructions within the output.
  • Sanitization: Absent. There is no evidence of filtering or sanitizing the content returned from the API before it is processed by the LLM.
  • [Command Execution] (SAFE): The skill uses bash -c to execute curl commands. This is documented as a workaround for environment variable persistence in specific environments and is used here for legitimate API interaction with api.streak.com.
  • [Data Exposure] (SAFE): The skill correctly uses an environment variable (STREAK_API_KEY) for authentication rather than hardcoding credentials. No sensitive local file access was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:08 PM