AGENT LAB: SKILLS

vercel-automation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a dangerous attack surface by combining log reading with high-privilege write operations.
      • Ingestion points: Untrusted data enters the context via VERCEL_GET_DEPLOYMENT_LOGS and VERCEL_GET_RUNTIME_LOGS (SKILL.md).
      • Boundary markers: None. There are no instructions to treat log output as untrusted or to ignore embedded commands.
      • Capability inventory: The skill includes high-impact tools such as VERCEL_CREATE_DNS_RECORD, VERCEL_ADD_ENVIRONMENT_VARIABLE, and VERCEL_DELETE_ENVIRONMENT_VARIABLE (SKILL.md).
      • Sanitization: No evidence of sanitization or filtering of log content. An attacker could inject instructions into build/runtime logs that trick the agent into reconfiguring the production environment.
  • [Data Exfiltration] (HIGH): The skill provides tools to list and manage sensitive project configuration.
      • Evidence: VERCEL_LIST_ENV_VARIABLES allows the agent to retrieve environment variable metadata and non-secret values. While Vercel secrets are write-only, other sensitive configuration data is exposed to the agent and the external MCP server.
  • [External Dependency] (MEDIUM): The skill requires the use of an untrusted external service endpoint.
      • Evidence: The setup instructions require adding https://rube.app/mcp as an MCP server. This domain is not within the defined trusted scope, and all Vercel traffic and authentication flows through this third-party proxy.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:16 PM