vercel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides instructions to install the 'vercel' CLI via npm. This is a trusted package from a verified organization (Vercel) and is the standard method for using the service.
- [COMMAND_EXECUTION] (SAFE): Commands for deployment and secret management ('vercel env pull', 'vercel env add') are included. These are primary functions of the Vercel CLI and are used here for legitimate project configuration.
- [PROMPT_INJECTION] (LOW): The skill provides templates for API handlers that ingest untrusted data from web requests ('req.query', 'request.json'). This represents an indirect prompt injection surface. Ingestion points: API endpoints in 'api/hello.ts' and 'app/api/route.ts'. Boundary markers: Not present in basic code examples. Capability inventory: Deployment and environment variable management via Vercel CLI. Sanitization: Not explicitly implemented in the provided snippets.
Audit Metadata