jotform
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute `curl` and `jq` commands to interact with the JotForm API endpoints.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from and sends data to the well-known JotForm API service (api.jotform.com).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external data from JotForm API responses.
- Ingestion points: Data from form submissions, questions, and properties enter the agent's context via various GET endpoints defined in SKILL.md.
- Boundary markers: There are no specified delimiters or instructions to prevent the agent from obeying commands embedded within the retrieved JotForm data.
- Capability inventory: The skill includes high-privilege capabilities such as deleting submissions, creating webhooks, and deleting forms using `curl` with DELETE and POST methods in SKILL.md.
- Sanitization: No validation or sanitization of external content is performed on data retrieved from the API before it is processed by the agent.
Audit Metadata