vm0
Warn
Audited by Snyk on Mar 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to query public marketplaces (curl to https://skills.sh/api/search and GitHub repos like https://github.com/vm0-ai/vm0-skills and raw.githubusercontent.com for SKILL.md), and explicitly tells the agent to read those third‑party SKILL.md pages to decide which skills, secrets, and compose actions to perform, exposing it to untrusted, user-contributed content that can influence tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of skill/instruction files from GitHub (e.g. https://github.com/vm0-ai/vm0-skills/tree/main/{skill-name} and the raw manifest URL https://raw.githubusercontent.com/vm0-ai/vm0-skills/main/{skill-name}/SKILL.md), which are loaded/injected into the agent at runtime and thus directly control prompts/instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata