Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/vercel-prod-checklist/Gen Agent Trust Hub

vercel-prod-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Vercel CLI (vercel) and common shell utilities (curl, grep, jq, npm) to automate production deployment workflows and health monitoring.
  • [DATA_EXFILTRATION]: Performs network requests via curl to Vercel's official API (api.vercel.com) and user-defined domains. These operations are required for managing production environments and checking service availability, and they target well-known infrastructure.
  • [PROMPT_INJECTION]: The skill processes untrusted data from CLI command outputs and network responses, creating a surface for indirect prompt injection.
  • Ingestion points: CLI output from vercel env ls, vercel ls, and response data from curl health checks.
  • Boundary markers: No specific boundary markers or instructions are provided to the agent to treat external output as untrusted data.
  • Capability inventory: The skill possesses the ability to execute shell commands, perform network operations, and read files.
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from external tools before it enters the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 01:45 PM