vercel-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection due to its operational model.
  - Ingestion points: Data enters the context via tools like VERCEL_GET_DEPLOYMENT_LOGS, VERCEL_GET_RUNTIME_LOGS, and VERCEL_GET_DNS_RECORDS which can contain attacker-controlled content.
  - Boundary markers: The instructions do not define delimiters or warnings to ignore instructions embedded within retrieved data.
  - Capability inventory: The skill has significant write capabilities including VERCEL_ADD_ENVIRONMENT_VARIABLE, VERCEL_CREATE_NEW_DEPLOYMENT, and VERCEL_UPDATE_DNS_RECORD.
  - Sanitization: No validation or sanitization of ingested content is specified.
- [Data Exposure] (SAFE): While the skill manages sensitive credentials like Vercel environment variables, it uses OAuth via RUBE_MANAGE_CONNECTIONS and correctly notes that secret-type variables are write-only and cannot be retrieved after creation.