vercel-dns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the `vercel` CLI to perform operations. While these are legitimate infrastructure management tasks, they involve subprocess calls that execute system-level commands.
- EXTERNAL_DOWNLOADS (LOW): The skill references the installation of the `vercel` CLI via `npm` or `brew`. Per [TRUST-SCOPE-RULE], Vercel is a trusted organization, downgrading this finding to LOW as it points to official, reputable software.
- PROMPT_INJECTION (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It possesses high-privilege write/execute capabilities (modifying DNS records) and accepts external parameters like domain names and TXT record values.
  - Ingestion points: Command-line arguments for `<domain>`, `<subdomain>`, `<target>`, and `<value>` provided in the documentation.
  - Boundary markers: None detected. There are no instructions to the agent to treat these inputs as untrusted or to ignore embedded instructions within processed data.
  - Capability inventory: The skill can create (`add`) and delete (`rm`) DNS records. This allows for traffic redirection, MX record hijacking for email interception, and ownership verification for malicious services.
  - Sanitization: No sanitization or validation logic is present in the skill definition to ensure inputs are valid domain components or to prevent command injection through shell meta-characters (though the Vercel CLI itself may provide some protection).
Recommendations
- AI detected serious security threats
Audit Metadata