you-dont-need-isr

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configures GitHub Actions workflows to use official actions from the actions organization and installs the vercel CLI from the NPM registry.
  • [COMMAND_EXECUTION]: Utilizes the GitHub CLI (gh) to list workflow runs and recommends the Vercel CLI for building and deploying project artifacts.
  • [DATA_EXFILTRATION]: Performs network operations via WebFetch to retrieve pricing and resource specifications from ubicloud.com and vercel.com. These are well-known technology and cloud service providers relevant to the skill's purpose.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from local project files and external web content to generate code suggestions.
    • Ingestion points: Local Next.js source code (App and Pages routers), project configuration files (package.json, next.config), and data retrieved from external pricing pages.
    • Boundary markers: No specific delimiters or safety instructions are used to separate external data from the analysis logic.
    • Capability inventory: File system access, network operations (WebFetch), command execution via CLI tools, and draft pull request generation.
    • Sanitization: No explicit content sanitization or validation of the ingested code or web content is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 08:23 AM