vercel-ai-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent/user to run npx @picahq/mcp. This command downloads and executes code from a package hosted on npm. Since the @picahq organization is not in the trusted sources list, this constitutes an unverified external download and execution.
- DATA_EXFILTRATION (HIGH): The integration pattern explicitly recommends spreading process.env into the environment variables of the MCP subprocess (env: { ...process.env ... }). This is a dangerous practice as it exposes every environment variable in the host system (such as database credentials, AWS keys, and other API tokens) to the PICA MCP server code.
- COMMAND_EXECUTION (MEDIUM): The skill provides diagnostic shell commands for version alignment that utilize find with -exec sh -c. While intended for troubleshooting, these are complex shell operations that can be abused if the environment or paths are manipulated.
- REMOTE_CODE_EXECUTION (MEDIUM): The use of npx to run a remote package without explicit version pinning or integrity checks allows for potential supply chain attacks where a compromised or malicious version of @picahq/mcp could be executed directly.
Recommendations
- AI detected serious security threats
Audit Metadata