vercel

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Download or install from free hosting/deployment platform detected

All findings:
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]

This skill/documentation is not malicious in itself: it accurately describes Vercel Deployment Protection and legitimate ways to permit automated access. However, it contains operationally risky guidance: using the protection-bypass secret in query parameters and instructing users to provide the secret to agents can lead to credential leakage or misuse if best practices are not followed.

Recommend: prefer the header method over query parameters, avoid asking users to paste secrets in chat or untrusted places, limit secret lifetime and scope, rotate and audit bypass secrets, and add explicit warnings about logging and storage risks.

Overall, the content is coherent with its stated purpose but carries moderate operational security risk if misused.

LLM verification: This skill file is documentation for using Vercel deployment protection and for enabling automated agents to access protected preview deployments. It does not contain executable or obfuscated malicious code. The main security concerns are operational: it advises use of a protection-bypass secret and shows an insecure example (transmitting the secret in a URL query parameter and storing it in cookies). That practice can leak secrets (browser history, logs, referer headers). Recommend preferring h

Confidence: 90%
Severity: 75%
Audit Metadata
Analyzed At: Feb 16, 2026, 10:23 AM
Package URL: pkg:socket/skills-sh/openhands%2Fskills%2Fvercel%2F@f0daab2adfa80f96deb8e5f38cd1fb9716cbafeb