vercel-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill packages and uploads the contents of a user-specified directory to an external Vercel endpoint (`claude-skills-deploy.vercel.com`). While the service provider (Vercel Labs) is a trusted entity, the script fails to exclude sensitive files that typically reside in project roots.
  - Evidence: The `tar` command in `scripts/deploy.sh` only excludes `node_modules` and `.git`. It does not exclude `.env` files, `.npmrc`, `.aws/`, or other potential secret containers.
  - Risk: If an agent is directed to deploy a directory containing secrets, those secrets will be exfiltrated to the remote server and potentially made public via the 'Preview URL' which requires no authentication.
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands to package and deploy files.
  - Evidence: Use of `tar`, `curl`, and `find` within `scripts/deploy.sh` is standard for the stated purpose but relies on the safety of the path provided to the script.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-risk capability tier (External content ingestion + Exfiltration capability).
  - Ingestion points: The script reads the entire project directory provided by the agent/user, including specific parsing of `package.json`.
  - Boundary markers: None. The script processes all files in the directory except those explicitly excluded.
  - Capability inventory: `curl` (network upload), `tar` (filesystem read), `mv` (filesystem write).
  - Sanitization: None. There is no validation or filtering of the file contents before they are transmitted to the external deployment service.
Recommendations
- AI detected serious security threats
Audit Metadata