vercel-deploy

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill packages and uploads the user's entire project to a non-official external deploy endpoint (codex-deploy-skills.vercel.sh) and explicitly suggests escalating sandbox network permissions — behavior that enables unauthorized data exfiltration even though there is no obfuscated backdoor, remote shell, or explicit credential-harvesting routine in the code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The deploy script uploads the project tarball at runtime to https://codex-deploy-skills.vercel.sh/api/deploy, a required external endpoint that performs remote builds/deployment (i.e., executes the uploaded code), so it directly causes remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs rerunning with escalated sandbox permissions (sandbox_permissions=require_escalated) to bypass networking restrictions and to run arbitrary deployment scripts, which encourages bypassing security controls and could change the host state.