vercel-sandbox

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands within an ephemeral Vercel Sandbox microVM. These include system package management via 'dnf', global package installation with 'npm', and browser automation commands using the 'agent-browser' CLI. Since these operations occur within an isolated microVM, the risk to the host environment is mitigated.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the '@vercel/sandbox' and 'agent-browser' Node.js packages from the official npm registry. It also downloads Chromium system dependencies from official Amazon Linux OS repositories during the sandbox initialization phase.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from untrusted external websites via accessibility snapshots and browser interactions.
  • Ingestion points: External web content is retrieved and processed in the 'snapshotUrl', 'screenshotUrl', and 'fillAndSubmitForm' functions.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when processing the retrieved web content.
  • Capability inventory: The skill possesses the ability to execute shell commands within the sandbox VM using 'sandbox.runCommand'.
  • Sanitization: Website content and titles are processed and returned without sanitization or filtering for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:22 PM