adynato-vercel
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute a wide range of powerful system commands, including
vercel deploy,vercel env pull, andnpm run build. These commands can modify project states, retrieve environment variables, and execute arbitrary build scripts. - [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing the
vercelCLI vianpm install -g vercel. Per [TRUST-SCOPE-RULE], this is downgraded to LOW as Vercel is a recognized and trusted deployment platform. - [Indirect Prompt Injection] (MEDIUM): The skill is intended for 'troubleshooting deployment issues', which requires the agent to ingest and reason about external data such as build logs and error messages.
- Ingestion points: Vercel build logs, CLI error outputs, and dashboard logs referenced in the 'Troubleshooting' and 'Debug steps' sections.
- Boundary markers: None identified. There are no instructions to the agent to treat external logs as untrusted data.
- Capability inventory: The skill provides full access to the Vercel CLI (
vercel), including deployment, environment variable management, and project linking. - Sanitization: None. The skill assumes logs are informative and does not suggest sanitizing log content before the agent interprets it for next steps.
- [DATA_EXPOSURE] (LOW): The skill explains how to access sensitive files like
.vercel/project.jsonand.env.local. While these are legitimate parts of the Vercel workflow, an agent with this skill has the capability to read and potentially expose project IDs and local secrets.
Audit Metadata