Deploying to Production
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local bash scripts (
create-github-repo.sh,deploy-to-vercel.sh) and standard developer commands (npm run build). These are functional requirements for the skill's purpose and are executed using quoted variables to prevent simple shell injection. - [CREDENTIALS_SAFE] (SAFE): No hardcoded secrets, API keys, or tokens were found. The skill correctly instructs users to use standard CLI authentication methods (
gh auth login,vercel login). - [DATA_EXPOSURE] (LOW): The skill operates on a specific local path (
/Volumes/Time/go to wild/websites/). While this exposes the directory structure of the host, it is used for organizational purposes and does not exfiltrate sensitive files. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill includes a pre-deployment step that runs
npm run build. While this involves executing code defined in a project'spackage.json, it is a standard part of the deployment lifecycle for the intended user (the developer owning the project).
Audit Metadata