Skills
skills/vm0-ai/vm0-skills/supadata/Gen Agent Trust Hub

supadata

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches data from api.supadata.ai, which is the official endpoint for the service described in the skill.
  • [COMMAND_EXECUTION]: Executes curl and jq to interact with the API. The commands use temporary files in /tmp and are consistent with standard development practices.
  • [DATA_EXFILTRATION]: Transfers user-supplied URLs and JSON configurations to the Supadata API. This is the intended purpose of the skill and uses the user's own credentials.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from the web. Ingestion points: api.supadata.ai/v1/transcript, api.supadata.ai/v1/web/scrape (SKILL.md). Boundary markers: None (SKILL.md). Capability inventory: curl, jq (SKILL.md). Sanitization: None (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM