The skill is vulnerable to command injection through unsanitized
Claims to do
Update Provider Model IDs: This skill covers adding new model IDs and removing obsolete ones across the AI SDK codebase. Each workflow uses search to discover all locations that need changes.
Actually does
This skill instructs a user to use `grep -r` to search for model IDs within `.ts`, `.mdx`, `.md`, and `.snap` files in `packages/`, `content/`, and `examples/` directories. Based on the search results, the user is guided to manually add or remove model IDs from type definitions, documentation, examples, and tests. Finally, the user is instructed to run `pnpm test` for affected packages.
npx skills add https://github.com/vercel/ai --skill update-provider-models

The skill constructs shell commands (`grep`, `pnpm`) using placeholders (`<similar-model-id>`, `<model-id>`, `<provider>`) that are likely derived from user input. Without proper sanitization, a malicious input could lead to arbitrary command execution, data exfiltration, or persistence.
grep -r "'<similar-model-id>'" packages/ content/ examples/ --include='*.ts'
pnpm --filter @ai-sdk/<provider> test
The skill is designed to directly modify source code, type definitions, documentation, and examples within a software development kit. This high-privilege capability, if compromised, could introduce backdoors or malicious code, or lead to supply chain attacks.
Update Type Definitions, Update Documentation, Create or Update Examples, Update Tests, Remove from Type Definitions
The skill uses `grep -r` across `packages/`, `content/`, and `examples/` directories. This grants the agent broad read access to the codebase, which could be leveraged for reconnaissance to discover sensitive information if the search patterns are manipulated.
grep -r "'<similar-model-id>'" packages/ content/ examples/ --include='*.ts' --include='*.mdx' --include='*.md'