Skills
skills/vm0-ai/vm0-skills/bitrix/Gen Agent Trust Hub

bitrix

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the Bitrix24 API and jq to parse JSON responses. It also demonstrates writing temporary JSON files to /tmp/bitrix_request.json for POST request bodies.
  • [EXTERNAL_DOWNLOADS]: Performs network requests to bitrix24.com to manage CRM data (leads, deals, contacts) and tasks. Bitrix24 is a well-known CRM service.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if data retrieved from the Bitrix24 API contains malicious instructions.
  • Ingestion points: API response data from leads, contacts, and tasks (e.g., SKILL.md examples for listing leads and tasks).
  • Boundary markers: None present in the provided shell examples.
  • Capability inventory: Shell command execution via curl and jq, file system access (writing to /tmp/).
  • Sanitization: No explicit sanitization of the API data is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:43 PM