vm0
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as
curl,npx,gh, andvm0to perform platform operations including searching for skills, cloning configurations, and deploying updates. - [REMOTE_CODE_EXECUTION]: The skill utilizes
npxto download and execute the vendor's command-line interface tool (@vm0/cli) at runtime. This allows the agent to use the latest version of the platform's deployment logic and is a standard operational pattern for this type of integration. - [EXTERNAL_DOWNLOADS]: The skill fetches metadata and configuration files from external sources, including the
skills.shcommunity marketplace and official GitHub repositories from the vendor and other trusted organizations. - [PROMPT_INJECTION]: This skill possesses a surface for indirect prompt injection because it ingests and processes untrusted data from external search results and configuration files.
- Ingestion points: Reads
vm0.yamlandAGENTS.mdfrom the local filesystem and fetches search results from theskills.shAPI. - Boundary markers: No explicit markers or "ignore instructions" delimiters are used when processing the ingested configuration data.
- Capability inventory: Includes the ability to execute shell commands (
npx,curl,gh), read and write files, and redeploy the agent configuration usingvm0 compose. - Sanitization: The skill does not explicitly describe sanitization or validation of the content retrieved from external sources before it is incorporated into the agent's workflow.
Audit Metadata