NYC

deployment-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data in the form of build logs from the Vercel MCP tool.
      • Ingestion points: Vercel MCP tool log fetching (Step 2).
      • Boundary markers: None identified; instructions do not explicitly tell the agent to ignore instructions embedded within the logs.
      • Capability inventory: The skill has the ability to run shell commands (vercel --prod) and modify local source code to apply 'fixes'.
      • Sanitization: No sanitization or validation of log content is mentioned before the agent analyzes it for code modification tasks.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the vercel CLI to perform its primary function. While it executes commands, these are restricted to the intended deployment purpose and do not show signs of arbitrary command injection vulnerability in the instructions themselves.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:01 PM