skills/vm0-ai/vm0-skills/deepseek/Gen Agent Trust Hub

deepseek

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Uses system commands curl and jq to perform network requests and process JSON responses from the DeepSeek API. These are standard tools for API interaction.
  • [EXTERNAL_DOWNLOADS]: Mentions the openai library for Python and Node.js as compatible SDKs for the service. These are well-known and trusted packages from the official registries.
  • [PROMPT_INJECTION]: The skill acts as a proxy for a remote LLM and handles user input via interpolation into JSON payloads.
      • Ingestion points: Untrusted user input is placed into the messages content field within SKILL.md examples.
      • Boundary markers: None present; uses standard JSON delimiters.
      • Capability inventory: The skill uses curl for external network communication and writes temporary files to /tmp.
      • Sanitization: No explicit sanitization or escaping of user input is performed before the API call.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 04:43 PM
Security Audit — agent-trust-hub — deepseek