vercel-deployment
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a high-risk vulnerability surface as it processes external project data (ingestion) and possesses execution capabilities (Bash).
  1. Ingestion points: package.json, vercel.json, .env.
  2. Capability inventory: Bash access for npm, npx, and vercel.
  3. Boundary markers: None present.
  4. Sanitization: No input validation for external scripts or config.
- Command Execution (HIGH): The allowed-tools includes Bash(npm:*, npx:*, vercel:*). This allows the execution of arbitrary shell commands through npm lifecycle hooks (preinstall, postbuild) or npx-invoked binaries.
- External Downloads (LOW): The skill facilitates downloading and installing packages from public registries. Per [TRUST-SCOPE-RULE], these downloads are downgraded to LOW, but the inherent risk of executing those packages remains HIGH.
Recommendations
- AI detected serious security threats
Audit Metadata