moai-platform-vercel

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface due to the combination of external data ingestion and powerful system capabilities.
  • Ingestion points: The skill utilizes mcp__context7__get-library-docs to fetch external documentation for Vercel and Next.js.
  • Boundary markers: There are no instructions or delimiters provided to prevent the agent from obeying malicious instructions embedded within the fetched documentation or project configuration files.
  • Capability inventory: The skill allows the agent to use Write for file modifications and Bash for executing npm, npx, and vercel commands. These tools can be used to modify code, install malicious packages, or exfiltrate data.
  • Sanitization: No sanitization or validation logic is present to filter content from external sources before it influences agent actions.
  • [Command Execution] (MEDIUM): The skill grants the agent the ability to execute shell commands via npm, npx, and the vercel CLI. While typical for deployment tasks, this capability allows the installation of arbitrary packages and the execution of scripts, which could be leveraged if the agent is compromised via prompt injection.
  • [Dynamic Execution] (MEDIUM): The use of npx and npm install involves the dynamic execution of external code at runtime. Although the skill targets the Vercel ecosystem, it does not specify version locking or integrity checks for these operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 11:48 PM