deploy-preview

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/deploy-preview.sh uses unquoted variable expansions when executing commands, which allows for argument injection.
      • In the deploy command, the $EXTRA variable is unquoted: vercel ... $EXTRA. An attacker could provide a value like --token <malicious_token> to hijack the deployment context or redirect output.
      • The audit command concatenates the $URL variable directly into a curl string: curl ... "...url=${URL}&...". If the URL contains an ampersand or other URL-sensitive characters, it can manipulate the API request parameters.
  • REMOTE_CODE_EXECUTION (HIGH): The deploy-branch command executes git pull on a user-specified repository path and branch. This involves fetching and merging remote code into the local environment, which is a high-risk operation if the repository or branch is influenced by an untrusted source.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the Vercel CLI via npm i -g vercel. While Vercel is a trusted source, the skill's reliance on a global binary installation introduces a dependency on external package integrity.
  • PROMPT_INJECTION (HIGH) [Indirect]: The skill implements an Indirect Prompt Injection surface.
      • Ingestion points: The logs command fetches build logs from Vercel, and the audit command fetches data from the Google PageSpeed Insights API.
      • Boundary markers: None are present. The agent receives the raw logs or JSON output.
      • Capability inventory: The skill can execute deployments (vercel deploy --prod), modify the local filesystem via git checkout/pull, and perform authenticated network requests.
      • Sanitization: No sanitization is performed on the logs or API responses. If an attacker injects malicious instructions into a build log (e.g., via a failing test name or compiler error), the agent reading those logs might be coerced into executing unintended deployment or git commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:10 AM