vercel-deploy

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill packages and uploads local project files to an external Vercel deployment endpoint.
      • Evidence: In scripts/deploy.sh, the command tar -czf "$TARBALL" -C "$PROJECT_PATH" --exclude='node_modules' --exclude='.git' . followed by curl -s -X POST "$DEPLOY_ENDPOINT" -F "file=@$TARBALL".
      • Risk: The exclusion list only covers node_modules and .git. Sensitive files commonly found in project roots, such as .env, .aws/credentials, .npmrc, or private keys, are included in the archive and sent to the remote server, potentially exposing secrets.
  • Privilege Escalation (LOW): The script modifies the user's filesystem without explicit confirmation or warning in the skill documentation.
      • Evidence: mv "$HTML_FILE" "$PROJECT_PATH/index.html" in scripts/deploy.sh.
      • Risk: For projects without a package.json, the script automatically renames non-standard HTML files to index.html. This is an unintended side effect that alters the user's project structure.
  • Indirect Prompt Injection (LOW): The skill presents a surface for indirect injection where malicious project metadata or file structures could trigger unintended behavior.
      • Ingestion points: package.json contents and filesystem directory structure (scripts/deploy.sh).
      • Boundary markers: None provided; the script acts directly on the data it finds.
      • Capability inventory: File system modification via mv and network data exfiltration via curl POST.
      • Sanitization: No validation or sanitization of file contents or project paths is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:40 PM