vercel-templates

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the vercel-templates-discovery Python package. This is a specific dependency used to interface with Vercel's template catalog.\n- [PROMPT_INJECTION]: The skill handles untrusted data from the external Vercel catalog, presenting a surface for indirect prompt injection (Category 8).\n
  • Ingestion points: Untrusted data enters the agent context via the scraper.search(), scraper.get(), and scraper.all_templates() methods in scripts/query.py.\n
  • Boundary markers: There are no delimiters or markers used to separate the external data from the agent's instructions.\n
  • Capability inventory: The skill scripts contain no high-risk capabilities such as subprocess execution, file-system modifications, or dynamic code execution.\n
  • Sanitization: The scraped content is passed to the agent as raw structured data without sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:32 PM
Security Audit — agent-trust-hub — vercel-templates