vercel-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add an external MCP server endpoint (
https://rube.app/mcp). This source is not included in the pre-verified trusted organizations or repositories list, representing a potential supply-chain risk if the third-party service is compromised. - DATA_EXFILTRATION (LOW): The skill provides tools for managing sensitive platform data, specifically environment variables via
VERCEL_LIST_ENV_VARIABLESandVERCEL_ADD_ENVIRONMENT_VARIABLE. While this is the primary purpose of the skill, it exposes sensitive secrets and credentials to the agent context. - PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its interaction with untrusted build and runtime logs.
- Ingestion points:
VERCEL_GET_DEPLOYMENT_LOGSandVERCEL_GET_RUNTIME_LOGSread data that can be influenced by external actors who can trigger builds or generate application output. - Boundary markers: Absent. No instructions are provided to the agent to treat log data as untrusted or to use delimiters.
- Capability inventory: The skill possesses high-privilege capabilities including modifying DNS records (
VERCEL_CREATE_DNS_RECORD), adding environment variables, and creating new deployments. - Sanitization: No sanitization or validation of the log content is implemented or recommended in the workflow.
Audit Metadata