vercel-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Data Exfiltration (MEDIUM): The scripts/deploy.sh script creates a tarball of the project and uploads it to https://codex-deploy-skills.vercel.sh/api/deploy. Although it attempts to filter out .env and .git directories, other sensitive information within the project files could still be exfiltrated to this external endpoint.
- Command Execution (MEDIUM): The skill relies on executing local bash scripts and system commands (tar, curl) to perform file operations and network requests.
- Privilege Escalation (MEDIUM): SKILL.md explicitly instructs the agent to use sandbox_permissions=require_escalated if network access is blocked, which is an attempt to override standard sandbox constraints.
- Indirect Prompt Injection (LOW): The skill processes user-controlled local file data. (1) Ingestion points: The scripts/deploy.sh script reads from a user-provided directory path. (2) Boundary markers: No delimiters are used in the output returned to the agent. (3) Capability inventory: Includes file system reading (tar) and network transmission (curl). (4) Sanitization: Includes basic exclusion of .env and .git paths.