vercel-templates
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the
vercel-templates-discoveryPython package. This is a specific dependency used to interface with Vercel's template catalog.\n- [PROMPT_INJECTION]: The skill handles untrusted data from the external Vercel catalog, presenting a surface for indirect prompt injection (Category 8).\n - Ingestion points: Untrusted data enters the agent context via the
scraper.search(),scraper.get(), andscraper.all_templates()methods inscripts/query.py.\n - Boundary markers: There are no delimiters or markers used to separate the external data from the agent's instructions.\n
- Capability inventory: The skill scripts contain no high-risk capabilities such as subprocess execution, file-system modifications, or dynamic code execution.\n
- Sanitization: The scraped content is passed to the agent as raw structured data without sanitization or filtering.
Audit Metadata