edge-deployment
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface. Ingestion points: The agent reads package.json and other local project files to detect frameworks. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the project files. Capability inventory: The skill can execute shell commands via npx and npm. Sanitization: No sanitization or validation of the ingested configuration data is performed before it is used to construct shell commands.
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and execute official CLI tools from Vercel and Cloudflare (wrangler) for deployment tasks.
- [COMMAND_EXECUTION]: The skill executes various shell commands for building applications (npm run build) and performing platform-specific deployments.
Audit Metadata