The skill is vulnerable to command injection
Claims to do
Update Provider Model IDs: This skill covers adding new model IDs and removing obsolete ones across the AI SDK codebase. Each workflow uses search to discover all locations that need changes.
Actually does
This skill instructs the user to use `grep -r` to search for model IDs within `.ts`, `.mdx`, `.md`, and `.snap` files across `packages/`, `content/`, and `examples/` directories. It then guides the user to manually modify these files to add or remove model IDs from type definitions, documentation, examples, and tests. Finally, it instructs the user to run `pnpm test` for affected packages.
npx skills add https://github.com/vercel/ai --skill update-provider-models

The skill constructs and executes `grep` and `pnpm` shell commands using user-provided model IDs and provider names. Lack of input sanitization allows for command injection, enabling an attacker to execute arbitrary commands on the host system.

grep -r "'<similar-model-id>'" packages/...

pnpm --filter @ai-sdk/<provider> test
The skill modifies TypeScript (`.ts`) and Markdown/MDX (`.mdx`) files by inserting or replacing user-provided model IDs. If a malicious model ID containing code (e.g., JavaScript) or harmful Markdown/HTML is provided, it could lead to code execution during build or XSS in rendered documentation.
export type SomeModelId = ... | 'new-model-id' // ← add in sorted position
Update code snippets like `const model = provider('old-model')`

The skill creates new example files with names derived from the model ID (e.g., `<model-kebab>.ts`) and can delete dedicated example files. If the model ID contains path traversal sequences (e.g., `../../`), an attacker could create or delete files outside the intended directories.

examples/ai-functions/src/generate-text/<provider>/<model-kebab>.ts

Delete dedicated example files only if no unique feature is demonstrated