vercel-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill manages and accesses sensitive secrets, specifically `VERCEL_TOKEN` and `.env` files. The command `vercel env pull` explicitly downloads remote secrets to the local environment, increasing the risk of credential exposure.
- [COMMAND_EXECUTION] (HIGH): The skill's core functionality involves executing shell commands via the `vercel` CLI. These commands can modify remote infrastructure and local project state.
- [EXTERNAL_DOWNLOADS] (LOW): Recommends installing the `vercel` CLI globally via npm. This finding is downgraded to LOW because Vercel is a verified trusted source.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its operational workflow.
  - Ingestion points: The skill reads and interprets `package.json` and `.env` files to determine build commands and project configurations.
  - Capability inventory: Possesses the ability to execute shell commands, access authentication tokens, and deploy code to live production environments.
  - Boundary markers: None. There are no delimiters or instructions to ignore malicious content within the processed project files.
  - Sanitization: No sanitization or validation logic is defined for the data extracted from project files before it influences agent decision-making.
Recommendations
- AI detected serious security threats
Audit Metadata