add-vercel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their Vercel personal access token and instructs embedding that token verbatim into onecli commands and vercel CLI invocations (e.g., --value "" and --token placeholder), which requires the LLM to handle/output the secret directly and creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly requests a full-account, long-lived Vercel personal access token, stores it in a host-proxy secret and then programmatically assigns that secret to every agent (with instructions to always hide real token via a placeholder), which effectively grants all agents persistent, full control over the user's Vercel account and enables remote code deployment — a clear credential-exposure and backdoor-enabling pattern that could be abused for account takeover or supply-chain compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Pre-Send Checks in container-skills/vercel-cli/SKILL.md explicitly instruct the agent to curl and (optionally) open the deployed public URL to verify the live site, so the agent will fetch and interpret arbitrary public/user-hosted web content which can influence whether it reports success or takes remedial actions.