vercel-sandbox
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and processes external content to update its reference files.\n
- Ingestion points: Documentation is fetched from
https://vercel.com/docs/vercel-sandboxand its sub-pages by theupdate_docs.pyscript and saved to thereferences/directory.\n - Boundary markers: The script adds source URL comments to the fetched files, but the skill does not implement robust structural delimiters to prevent the agent from interpreting fetched text as instructions.\n
- Capability inventory: The skill possesses the ability to create and manage sandboxes, execute commands within them via the Vercel SDK, and perform local configuration tasks.\n
- Sanitization: The
scripts/update_docs.pyscript employs an HTML parser to extract text and remove potentially active tags such as<script>and<style>.\n- [EXTERNAL_DOWNLOADS] (SAFE): The documentation update mechanism performs network requests tovercel.com. These downloads are legitimate, target a trustworthy primary source for the skill's functionality, and do not involve the execution of remote scripts.
Audit Metadata