kommo

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE

COMMAND_EXECUTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform API operations and jq for data processing, which are standard for interacting with CRM platforms.
  • [DATA_EXFILTRATION]: The skill transmits data to the official Kommo API endpoint (kommo.com). Authentication is managed via environment variables (KOMMO_API_KEY, KOMMO_SUBDOMAIN) to prevent credential leakage.
  • [PROMPT_INJECTION]: The skill processes data from CRM objects that could contain untrusted input, creating a surface for indirect prompt injection.
      • Ingestion points: Lead names, task descriptions, and contact info from SKILL.md.
      • Boundary markers: None identified.
      • Capability inventory: CLI execution via curl and jq.
      • Sanitization: No specific sanitization or validation of API data is implemented.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 04:44 PM