deploy
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill triggers the execution of
npx vercel, which downloads and runs the Vercel CLI at runtime. This is standard and expected behavior for a deployment tool targeting the Vercel platform. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and act upon information from external files such as
features/INDEX.mdand feature specification documents. Evidence: 1. Ingestion points:features/INDEX.md, feature spec files, QA reports. 2. Boundary markers: Absent. 3. Capability inventory:Bash,Write,Edit,Read,Glob. 4. Sanitization: Absent. While this presents an attack surface, it is consistent with the primary purpose of a DevOps agent. - [COMMAND_EXECUTION] (SAFE): The skill utilizes
Bashto run routine development commands such asnpm run buildandnpm run lint. These operations are conducted within the context of standard project maintenance.
Audit Metadata