100Critical
The skill contains critical vulnerabilities including SQL injection, command execution, and SSRF, which enable unauthorized data exfiltration and internal network access, contradicting its stated purpose of secure code analysis.
Skill Info
Namegetsentry/warden-skills/vercel-deepsec
Registrygithub
Version6f720b5c4894
PURLpkg:github/getsentry/warden-skills@6f720b5c4894?skill=vercel-deepsec
Stars56
Installs1
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
1 installs
Skills.shDocs
npx skills add https://github.com/getsentry/warden-skillsAssessments (5)
AI Agent Traps ↗User input is used to construct a URL for a server-side HTTP request. This could allow an attacker to make requests to internal services or cloud metadata endpoints (Server-Side Request Forgery). Validate URLs against an allowlist of permitted hosts and schemes.criticalvulnAML.T0053AML.T0049LLM06:2025LLM05:2025
User input is used to construct a URL for a server-side HTTP request. This could allow an attacker to make requests to internal services or cloud metadata endpoints (Server-Side Request Forgery). Validate URLs against an allowlist of permitted hosts and schemes.
95% confidenceline 1
taint source (line 1): req.nextUrl → sink: fetch(new URL(req.nextUrl.searchParams.get("url")!))User input is used to construct a URL for a server-side HTTP request. This could allow an attacker to make requests to internal services or cloud metadata endpoints (Server-Side Request Forgery). Validate URLs against an allowlist of permitted hosts and schemes.criticalvulnAML.T0053AML.T0049LLM06:2025LLM05:2025
User input is used to construct a URL for a server-side HTTP request. This could allow an attacker to make requests to internal services or cloud metadata endpoints (Server-Side Request Forgery). Validate URLs against an allowlist of permitted hosts and schemes.
95% confidenceline 2
taint source (line 1): req.nextUrl → sink: fetch(url, { redirect: "manual" })Outbound network request primitive in skill code — can transmit data externallycriticaldata exfiltrationAML.T0025AML.T0024LLM02:2025
Outbound network request primitive in skill code — can transmit data externally
95% confidenceline 2
requests.get(request.GET["url"], allow_redirects=True)
Direct shell/command execution sink in skill codehighcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Direct shell/command execution sink in skill code
95% confidenceline 1
subprocess.run(f"git clone {repo_url}", shell=True, check=True)Outbound network request primitive in skill code — can transmit data externallylowdata exfiltrationAML.T0025AML.T0024LLM02:2025
Outbound network request primitive in skill code — can transmit data externally
95% confidenceline 1
fetch(new URL(req.nextUrl.searchParams.get("url")!))Outbound network request primitive in skill code — can transmit data externallylowdata exfiltrationAML.T0025AML.T0024LLM02:2025
Outbound network request primitive in skill code — can transmit data externally
95% confidenceline 2
fetch(url, { redirect: "manual" })User input flows into a SQL query without proper sanitization. This could lead to SQL injection. Use parameterized queries with placeholders (?) or %s and pass parameters as a separate tuple/list argument.criticalvuln
User input flows into a SQL query without proper sanitization. This could lead to SQL injection. Use parameterized queries with placeholders (?) or %s and pass parameters as a separate tuple/list argument.
95% confidenceline 1
taint source (line 1): request.GET['email'] → sink: f"SELECT * FROM users WHERE email = '{request.GET['email']}'"Description Mismatchhighdescription mismatchAML.T0011.000LLM06:2025LLM09:2025
The skill's own code contains multiple critical and low-severity security vulnerabilities, including SSRF, SQL injection, and dangerous command execution primitives, which contradict its stated purpose of performing secure code analysis.
85% confidence
Static analysis summary flags: [critical] js-ssrf-request, [critical] python-sql-injection, and [low] AISEC_BEHAVIOR_PY_DANGEROUS_EXEC.
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/getsentry/warden-skills/vercel-deepsec)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/getsentry/warden-skills/vercel-deepsec"><img src="https://mondoo.com/ai-agent-security/api/badge/github/getsentry/warden-skills/vercel-deepsec.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/getsentry/warden-skills/vercel-deepsec.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow