vercel-blob
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official @vercel/blob SDK and associated Vercel infrastructure, which are trusted and well-known services.
- [SAFE]: All identified dependencies, including @vercel/blob, next, react, and react-dom, are standard packages from reputable maintainers.
- [SAFE]: The skill's documentation (SKILL.md) emphasizes security best practices, explicitly warning developers not to expose secret environment variables to the client-side.
- [COMMAND_EXECUTION]: Example CLI commands such as 'vercel env pull' and 'npm install' are provided for standard project configuration and do not involve arbitrary or dangerous execution patterns.
- [DATA_EXFILTRATION]: While the skill involves uploading files, it provides patterns for restricted uploads using signed tokens and validation to ensure data is only sent to the user's intended storage.
- [PROMPT_INJECTION]: The instructions are focused on technical implementation and do not contain any patterns intended to override agent behavior or bypass safety guardrails.
- [SAFE]: No evidence of code obfuscation, hidden URLs, or unauthorized persistence mechanisms was found across any of the analyzed files.
Audit Metadata