vercel-deploy

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/deploy.sh script creates a compressed archive of the project source code and transmits it to a Vercel-owned endpoint (https://claude-skills-deploy.vercel.com/api/deploy) using curl to facilitate 'claimable' deployments.
  • [DATA_EXPOSURE]: The archiving mechanism in scripts/deploy.sh uses tar to collect all project files with minimal exclusions (only node_modules and .git). This broad collection behavior is likely to capture sensitive environment files (e.g., .env, .env.local) or other secret-bearing configuration files present in the root directory, resulting in their exposure to the remote endpoint.
  • [COMMAND_EXECUTION]: The skill executes various shell commands, including tar for archiving, curl for network transfers, and the official vercel CLI for standard project management and deployment operations.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the Vercel API and CLI infrastructure, which are established technology services.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted project data and metadata to drive its deployment logic.
    • Ingestion points: The scripts/deploy.sh script reads package.json and the project file list to detect frameworks and package assets.
    • Boundary markers: There are no boundary markers or explicit safety instructions to prevent the agent from being influenced by malicious content embedded within the project files.
    • Capability inventory: The skill has access to shell execution (tar, curl, vercel), file system operations, and network exfiltration.
    • Sanitization: There is no evidence of validation or sanitization of the ingested project data before it is processed by the deployment logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 19, 2026, 02:14 AM