vercel-sandbox
Audited by Socket on Feb 17, 2026
1 alert found:
Malware
[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

Based on the supplied documentation-only fragment, there is no direct evidence of malicious behavior. The file legitimately requests ComputeSDK and Vercel credentials and documents remote code execution in provider sandboxes — appropriate for the described capability. The main risks are supply-chain trust in the computesdk package and GitHub skill repo, and the inherent sensitivity of the credentials and remote-code-execution capability. Recommend reviewing the computesdk package source and the referenced GitHub skill implementation to confirm no intermediary exfiltration, excessive telemetry, or hidden data flows.

LLM verification: No explicit malicious code is present in the documentation. The primary risks are supply-chain (unpinned dependency) and ambiguous data flow: the docs do not clarify whether user code and credentials are sent directly to Vercel or proxied via ComputeSDK's backend. Because of that ambiguity, users should not place high-privilege credentials into this flow without first auditing the computesdk package and confirming where execution and credential handling occur. Recommended actions: pin dependenci