vercel-ci-integration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides standard templates and instructions for setting up CI/CD pipelines.
- [EXTERNAL_DOWNLOADS]: The GitHub Actions workflows reference official actions from the 'actions' organization ('actions/checkout@v4' and 'actions/setup-node@v4'), which are trusted and well-known sources.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI ('gh') to securely configure repository secrets ('gh secret set'). This is a secure and intended use of the 'Bash(gh:*)' tool permission.
- [CREDENTIALS_UNSAFE]: The implementation examples correctly demonstrate the use of GitHub Secrets ('${{ secrets.VERCEL_API_KEY }}') rather than hardcoding sensitive credentials. All API key examples use non-functional placeholders.
Audit Metadata