vercel-deploy

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The script scripts/deploy.sh archives the contents of the current or specified directory and uploads it to an external endpoint: https://claude-skills-deploy.vercel.com/api/deploy.
      • The tar command excludes only node_modules and .git, meaning it includes sensitive files such as .env, .env.local, .aws/credentials, or SSH keys that may be present in the project root.
      • The deployment target is a specific subdomain of Vercel rather than the standard API (api.vercel.com), which is not part of the trusted domain list for exfiltration analysis.
      • The documentation in SKILL.md includes instructions for the user to lower their security posture by whitelisting *.vercel.com in their AI agent settings, facilitating the exfiltration process.
  • [COMMAND_EXECUTION] (LOW): The skill performs several filesystem operations using find, mv, and tar.
      • It automatically renames local files (specifically renaming single .html files to index.html) without explicit user consent for each operation, potentially altering the user's project structure unexpectedly.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the local environment which could influence subsequent agent behavior.
      • Ingestion points: Local project files and the package.json file processed in scripts/deploy.sh.
      • Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the files being deployed.
      • Capability inventory: The skill possesses network upload capabilities (curl), filesystem modification (mv), and archiving tools (tar).
      • Sanitization: No validation or sanitization of file contents or metadata is performed before packaging and uploading the data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 06:02 PM