Skills
skills/vm0-ai/vm0-skills/v0/Gen Agent Trust Hub

v0

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Uses curl and jq to interact with the v0 REST API and process JSON responses.
  • [EXTERNAL_DOWNLOADS]: Communicates with the well-known service Vercel via its official API domain api.v0.dev to fetch generated code and project metadata.
  • [DATA_EXFILTRATION]: Follows secure practices by instructing the user to store API credentials in the V0_TOKEN environment variable rather than hardcoding secrets.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface as the agent processes natural language output and code generated by an external API.
  • Ingestion points: API response body from https://api.v0.dev/v1/chats and associated endpoints.
  • Boundary markers: No specific delimiters or "ignore previous instructions" guards are implemented for the API data.
  • Capability inventory: Shell execution (curl, jq) and file system access (writing to /tmp/v0_request.json).
  • Sanitization: No explicit sanitization or validation of the remote API content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM