Skills
skills/vm0-ai/vm0-skills/shortio/Gen Agent Trust Hub

shortio

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard shell commands such as curl and jq to interact with the Short.io API and process JSON data.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the official Short.io API endpoint (https://api.short.io) which is a well-known service required for its primary functionality.
  • [SAFE]: The skill processes user-provided URLs and API responses, which constitutes a surface for indirect prompt injection, though no malicious implementation was observed.
  • Ingestion points: User-provided destination URLs and responses from the Short.io API in SKILL.md.
  • Boundary markers: None explicitly defined in the shell command examples.
  • Capability inventory: File write operations to /tmp and network communication via curl in SKILL.md.
  • Sanitization: None explicitly defined; the skill assumes valid input for API requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM