vercel
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill's primary installation method is 'curl -sSL https://canifi.com/skills/vercel/install.sh | bash'. This is a confirmed RCE vector that executes unverified code from an untrusted domain directly on the host machine.\n- EXTERNAL_DOWNLOADS (HIGH): The skill downloads resources from 'canifi.com', which is not a trusted source. This includes the skill installer and the 'canifi-env' utility.\n- COMMAND_EXECUTION (HIGH): The use of piped shell scripts allows for arbitrary command execution that is not subject to static analysis or agent safety filters.\n- CREDENTIALS_UNSAFE (HIGH): The skill encourages users to store 'SERVICE_PASSWORD' and 'SERVICE_EMAIL' in the 'canifi-env' tool. Because this tool is installed via an untrusted RCE vector, there is a severe risk that credentials could be exfiltrated.\n- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface. Ingestion points: Vercel build logs and deployment status (SKILL.md). Boundary markers: Absent. Capability inventory: Remote script execution and shell access. Sanitization: None documented. An attacker could potentially embed instructions in build logs to influence agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/vercel/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata