skills/vm0-ai/vm0-skills/mixpanel/Gen Agent Trust Hub

mixpanel

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl for interacting with Mixpanel APIs and a zero doctor command for environment diagnostics. It also employs shell redirection to write temporary scripts and JSON payloads to the /tmp/ directory before they are uploaded via curl.
  • [DATA_EXFILTRATION]: The skill transmits project data and authentication credentials (via environment variables) to official Mixpanel domains (mixpanel.com, data.mixpanel.com, api.mixpanel.com). These network operations are consistent with the skill's documented purpose for a well-known service.
  • [EXTERNAL_DOWNLOADS]: Documentation links to official Mixpanel developer resources are provided, and the skill performs structured data retrieval from Mixpanel servers.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external data (Category 8).
      • Ingestion points: Potential for untrusted data to enter the context through Mixpanel API responses, including event properties, user profiles, and JQL report results.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing of data from the Mixpanel API.
      • Capability inventory: The skill possesses capabilities for command execution (curl, zero) and file system writes (/tmp/) that could be targeted by injected content.
      • Sanitization: No sanitization, validation, or escaping of the content returned from the external API is implemented before the data is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 02:45 AM