vercel-blob
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill specifies the installation of the '@vercel/blob' package. As 'vercel' is a trusted organization, this dependency is downgraded to LOW severity according to [TRUST-SCOPE-RULE].
- PROMPT_INJECTION (LOW): The skill facilitates the uploading of user-provided files (images, PDFs, etc.), which creates an indirect prompt injection surface.
  - Ingestion points: File uploads via 'put' and 'handleUpload' methods described in README.md.
  - Boundary markers: No delimiters or explicit instructions to ignore embedded content are provided in the documentation.
  - Capability inventory: The skill uses the '@vercel/blob' SDK for file management (put, list, delete).
  - Sanitization: While the README mentions that templates include file validation (type and size), no sanitization or escaping logic is present in the provided code snippets.
Audit Metadata