Skills
skills/vm0-ai/vm0-skills/xero/Gen Agent Trust Hub

xero

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines several curl command templates for managing accounting data, projects, and files. This is the primary intended function of the skill to allow the agent to interact with the Xero service.
  • [DATA_EXFILTRATION]: Network operations are restricted to official Xero API domains (api.xero.com) and utilize a user-provided $XERO_TOKEN for authentication. There is no evidence of data being sent to unauthorized third-party destinations.
  • [EXTERNAL_DOWNLOADS]: The skill references r.jina.ai as a recommended way to fetch and parse official Xero documentation for runtime reference. As a well-known service for documentation extraction, this is considered a safe and standard implementation.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes instructions for uploading and downloading files (e.g., receipt.pdf) to and from Xero's infrastructure. These operations are scoped to the user's connected Xero organization.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:44 PM