Skills
skills/midudev/autoskills/deploy-to-vercel/Gen Agent Trust Hub

deploy-to-vercel

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various Vercel CLI and git commands (e.g., vercel deploy, vercel link, git push) to manage the project deployment lifecycle.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the Vercel CLI globally using npm install -g vercel when it is not present in the environment.
  • [DATA_EXFILTRATION]: For sandboxed environments, the skill uses helper scripts (deploy.sh and deploy-codex.sh) to upload project code to Vercel's deployment APIs. These scripts implement security measures to ensure sensitive files, such as .env and the .git directory, are excluded from the upload.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted local data (such as package.json and git remote configurations) to identify project frameworks and link projects. This activity is restricted to framework detection and configuration and does not include execution of the processed data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:01 AM