Skills
skills/vm0-ai/vm0-skills/doppler/Gen Agent Trust Hub

doppler

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes curl and jq to execute API requests and parse secret data from Doppler.
  • [DATA_EXFILTRATION]: Initiates network connections to api.doppler.com. This activity is documented neutrally as it involves a well-known secrets management service and is the primary function of the skill.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from an external API.
  • Ingestion points: Secret values and project metadata retrieved from api.doppler.com in SKILL.md.
  • Boundary markers: No boundary markers or instructions to disregard embedded commands within the fetched data are present.
  • Capability inventory: Includes the use of curl and jq across all functional examples in SKILL.md.
  • Sanitization: The skill does not provide mechanisms for sanitizing or validating external content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM