# SCAN — HackerOne (Vercel Open Source) — 2026-02-15

## Targets Added

- https://github.com/vercel/ai (program: vercel-open-source)
- https://github.com/vercel-labs/agent-skills (program: vercel-open-source)

## Automated Scans

### semgrep (p/security-audit + p/owasp-top-ten)

vercel/ai - 4 findings

- Notable:
  - `.github/workflows/prettier-on-automerge.yml`: `run:` step uses `${{ ... }}` with `github` context (potential GitHub Actions command injection depending on event type, permissions, and secret availability)
  - `packages/codemod/src/lib/transform.ts`: `child_process` usage flagged (likely CLI/codemod surface; needs threat model check for user-controlled input in a hosted environment)

vercel-labs/agent-skills - 0 findings

## Next Manual Checks (High ROI)

vercel/ai

- Confirm the workflow trigger (pull_request vs pull_request_target vs workflow_run) and whether it runs on untrusted PR content with write permissions/secrets.
- Check if the codemod runner is ever exposed as a service; if it is strictly local developer tooling, ignore.

vercel-labs/agent-skills

- Quick grep review for SSRF/file path traversal in any server-side components (if present).