vercel-sandbox
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the installation of the 'computesdk' npm package and the addition of skills from 'github.com/computesdk/sandbox-skills', neither of which is on the trusted sources list.
- REMOTE_CODE_EXECUTION (MEDIUM): The core functionality 'sandbox.runCode()' enables dynamic execution of arbitrary code in a remote environment, posing a risk if the code string is influenced by untrusted data.
- COMMAND_EXECUTION (MEDIUM): The recommendation to use 'npx skills add' with a remote repository URL allows for the installation of unvetted agent capabilities.
- CREDENTIALS_UNSAFE (LOW): Guidance includes using sensitive tokens like 'VERCEL_TOKEN' in environment files, which increases the risk of accidental credential exposure.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection: it ingests data for code execution (per SKILL.md) without sanitization or boundary markers, and combines this with high-impact code execution capabilities. Evidence: Ingestion points: runCode method call; Boundary markers: Absent; Capability inventory: sandbox.runCode (Vercel RCE); Sanitization: Absent.