vercel-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- Data Exposure & Exfiltration (HIGH): The `deploy.sh` script packages the entire project directory into a tarball and uploads it to `https://claude-skills-deploy.vercel.com/api/deploy` via `curl`.
  - While it excludes `node_modules` and `.git`, it does NOT exclude sensitive files such as `.env`, `.env.local`, `secrets.json`, or SSH keys if they are present in the target directory.
  - An attacker or a malicious project could cause the unintended exfiltration of credentials to the remote deployment service.
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk capability tier for indirect injection because it processes external/untrusted content (the project directory) and has both network exfiltration (`curl`) and file modification (`mv`) capabilities.
  - Ingestion points: `INPUT_PATH` provided to the script, which reads all files in that directory.
  - Boundary markers: None. The script does not warn the agent or user about potential instructions embedded in the project files.
  - Capability inventory: `tar` (read), `curl` (network upload), `mv` (file write/rename).
  - Sanitization: None. The script performs a recursive package and upload of the provided path.
- Command Execution (LOW): The script uses standard utilities (`tar`, `find`, `mv`, `curl`) to perform its tasks. While it uses `mv` to rename HTML files, the operation is restricted to the local directory, though it lacks validation that the source file is actually the intended target.
Recommendations
- AI detected serious security threats