vercel-deploy

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill uploads the user's project tarball to an external endpoint and asks for escalated network permissions (with only minimal exclusions like .env), creating a significant risk of unauthorized data exfiltration and exposure of secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The deploy script posts to the public endpoint https://codex-deploy-skills.vercel.sh/api/deploy, parses its JSON response (previewUrl/claimUrl) and then polls the returned preview URL, so the agent ingests and acts on untrusted third-party content from an open web service.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs rerunning with escalated sandbox permissions (sandbox_permissions=require_escalated) to bypass networking restrictions and to run arbitrary deployment scripts, which encourages bypassing security controls and could change the host state.