The Agent Skills Directory

[Data Exposure & Exfiltration] (HIGH): The skill's setup instructions guide users to store the VERCEL_TOKEN (a highly privileged credential) in environment variables and shell profiles (~/.bashrc). This exposes the token to any script or process running in the user's environment.
[Persistence Mechanisms] (HIGH): By instructing users to echo the export command into ~/.bashrc, the skill ensures the sensitive token remains active across all future terminal sessions, increasing the window of opportunity for credential theft.
[Unverifiable Dependencies & Remote Code Execution] (LOW): The scripts rely on npx vercel to fetch and run the Vercel CLI. Although Vercel is a trusted entity per the security guidelines, this pattern involves executing code downloaded from a remote registry at runtime.
[Dynamic Execution] (MEDIUM): The script vercel_deploy.sh assembles a command string at runtime based on variables and then executes it unquoted ($CMD). This is a form of dynamic execution that can be brittle or exploited if variables are manipulated.
[Indirect Prompt Injection] (LOW): The skill provides an attack surface for indirect prompt injection as it ingests project names and environment variable values from the user context and interpolates them into bash scripts. Evidence Chain: 1. Ingestion points in vercel_deploy.sh, vercel_env.sh, and vercel_status.sh. 2. Boundary markers are absent. 3. Capabilities include npx execution and network operations. 4. Sanitization is absent beyond shell quoting.

vercel-deploy