vercel-deploy
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Data Exfiltration (MEDIUM): The script 'scripts/deploy.sh' packages local project files and uploads them to 'https://codex-deploy-skills.vercel.sh/api/deploy'. While it attempts to exclude '.env' files, sending source code to a non-official endpoint poses a significant data exposure risk.
- Privilege Escalation (MEDIUM): The 'SKILL.md' file instructs the agent to request 'sandbox_permissions=require_escalated' to bypass sandbox network restrictions, which increases the attack surface.
- Indirect Prompt Injection (LOW): This skill has an attack surface for indirect prompt injection. Ingestion points: 'scripts/deploy.sh' (line 153) reads 'package.json' and project files. Boundary markers: Absent. Capability inventory: The script uses 'curl' (line 191) for network uploads and 'tar' (line 178) for file packaging. Sanitization: Absent; the script uses simple grep pattern matching for framework detection.
- Command Execution (LOW): The skill relies on executing local bash scripts and CLI commands to perform its deployment functions, which is expected behavior but requires careful oversight.
Audit Metadata