Skills
skills/vm0-ai/vm0-skills/tldv/Gen Agent Trust Hub

tldv

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security issues were detected. The skill's functionality is entirely consistent with its stated purpose of integrating with the tl;dv meeting recording service.
  • [COMMAND_EXECUTION]: The skill uses standard CLI tools such as curl, jq, and grep to interact with the tl;dv REST API. These operations are restricted to the intended API endpoints and do not involve privileged or suspicious shell operations.
  • [DATA_EXFILTRATION]: The skill utilizes the TLDV_TOKEN secret to authenticate requests to the official tl;dv API subdomain (pasta.tldv.io). This is a legitimate use of the credential for the intended service and does not constitute unauthorized data exfiltration.
  • [PROMPT_INJECTION]: The skill ingests external content, specifically meeting transcripts and AI-generated highlights, from the tl;dv API. This represents an indirect prompt injection surface common to text-processing skills.
  • Ingestion points: Meeting transcripts and highlights retrieved from https://pasta.tldv.io (SKILL.md).
  • Boundary markers: None specified in the instructions.
  • Capability inventory: Shell command execution (curl, jq, grep) and network access to the tl;dv API.
  • Sanitization: None specified for the ingested API data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 05:13 PM