together
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard CLI tools `curl` and `jq` to execute API requests and process JSON responses.
- [EXTERNAL_DOWNLOADS]: Interacts with `api.together.ai`, which is the official and well-known endpoint for Together AI services. It also references vendor-specific resources at `app.vm0.ai`.
- [DATA_EXFILTRATION]: Employs the `$TOGETHER_TOKEN` environment variable for secret management, which is a recommended security practice to avoid hardcoding credentials.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: User-supplied text is used as content for the `messages`, `prompt`, and `input` fields in JSON payloads written to `/tmp/`.
  - Boundary markers: No explicit delimiters are present in the JSON structures to isolate untrusted user data.
  - Capability inventory: The skill allows network communication to the Together AI API and file writing to the `/tmp/` directory.
  - Sanitization: The skill does not perform explicit validation or escaping of the user-provided prompts before they are sent to the external API.
Audit Metadata