vercel-blob
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior or bypass safety constraints. The content is strictly technical documentation and boilerplate.
- Data Exposure & Exfiltration (SAFE): The skill mentions the requirement of environment variables (BLOB_READ_WRITE_TOKEN) but does not contain hardcoded credentials or scripts that exfiltrate local data to unauthorized domains.
- Obfuscation (SAFE): No evidence of Base64, zero-width characters, homoglyphs, or encoded executable commands was detected in any of the analyzed files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The project uses official, versioned packages from trusted sources (Vercel and Meta). There are no suspicious 'curl | bash' patterns or unauthorized package installations.
- Privilege Escalation (SAFE): No commands requiring elevated privileges (sudo) or modifications to system-level permissions were found.
- Persistence Mechanisms (SAFE): There are no scripts that attempt to install background services, cron jobs, or modify shell profiles.
- Metadata Poisoning (SAFE): The metadata in plugin.json and the README accurately reflect the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (LOW): While the skill is designed to handle user-provided files (images, PDFs), the risk is minimal as the logic is limited to standard storage operations using the Vercel SDK. The code snippets provided include client-side token security patterns.
- Time-Delayed / Conditional Attacks (SAFE): No logic was found that gates execution based on dates, times, or specific environment triggers.
- Dynamic Execution (SAFE): The skill does not generate or execute code at runtime using eval, exec, or dynamic library loading.