vercel-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external Model Context Protocol (MCP) server at
https://rube.app/mcp. This is the primary infrastructure for the skill's functionality and is documented as the standard connection point for the Rube toolkit. - [DATA_EXPOSURE]: While the skill contains tools for managing sensitive data such as environment variables (
VERCEL_ADD_ENVIRONMENT_VARIABLE), it follows standard security practices by using OAuth-based connections (RUBE_MANAGE_CONNECTIONS) rather than hardcoded credentials. It also correctly notes that 'secret' type variables are write-only and cannot be retrieved after creation. - [COMMAND_EXECUTION]: All operations are performed via high-level MCP tool abstractions. There are no instances of direct shell command execution, subprocess spawning, or arbitrary code evaluation.
- [PROMPT_INJECTION]: The skill instructions focus on operational workflows and tool sequences. No patterns of instruction override, jailbreak attempts, or safety filter bypasses were detected in the prompt or metadata.
- [INDIRECT_PROMPT_INJECTION]: As a standard audit finding for skills interacting with external platforms:
- Ingestion points: The skill reads data from external sources including deployment logs (
VERCEL_GET_DEPLOYMENT_LOGS), project configurations, and domain statuses. - Boundary markers: The instructions do not explicitly define delimiters for separating external data from agent instructions.
- Capability inventory: The skill possesses significant capabilities including the ability to modify DNS records, update environment variables, and create new deployments.
- Sanitization: There is no mention of sanitization or validation of the content returned from logs or API responses before processing.
Audit Metadata