vercel-multi-env-setup

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill correctly implements environment variable interpolation (e.g., ${VERCEL_API_KEY}) for sensitive Vercel API keys within the configuration templates, preventing the high-risk practice of hardcoding credentials.
  • [SAFE]: No obfuscated URLs, malicious remote code patterns, or unauthorized network operations were identified in the instructions or reference materials.
  • [PROMPT_INJECTION]: The skill architecture processes external environment configuration data, which defines a potential indirect prompt injection surface. However, this is consistent with the primary purpose of the skill and no exploitable instructions were found. The evidence chain for this surface is documented below:
      • Ingestion points: Environment-specific JSON files located in config/vercel/ (e.g., production.json, staging.json).
      • Boundary markers: Absent; the skill does not explicitly instruct the agent to distinguish between configuration data and executable instructions within the JSON files.
      • Capability inventory: The skill allows the use of administrative cloud and secret management tools including aws, gcloud, and vault, along with file system access (Read, Write, Edit).
      • Sanitization: Absent; configuration values are used as-is without explicit validation or sanitization routines described in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 06:06 PM