vercelops
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its interaction with external Vercel CLI outputs. \n
- Ingestion points: The skill reads data from the Vercel platform using commands such as
vercel logs,vercel ls, andvercel inspect(SKILL.md). \n - Boundary markers: No specific delimiters are defined in the instructions to distinguish between trusted CLI output and potential malicious instructions embedded in logs or project names. \n
- Capability inventory: The skill possesses destructive capabilities, including deleting deployments (
vercel rm) and projects (vercel projects rm), and modifying environment variables (vercel env add/rm) (SKILL.md). \n - Sanitization: No explicit sanitization or validation logic for CLI output is mentioned. \n
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill references the installation and updating of the Vercel CLI. \n
- Evidence: Prerequisite step
npm i -g verceland thevercel upgradecommand (SKILL.md). \n - Context: These operations target Vercel, which is a well-known technology service, and are considered safe standard operations for this skill's use case. \n
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages sensitive configuration data including environment variables and secrets. \n
- Evidence: Use of commands like
vercel env add,vercel secrets add, and reference to--token $VERCEL_TOKEN(SKILL.md). \n - Context: This is the primary intended purpose of the skill for managing cloud deployments and does not involve unauthorized exfiltration.
Audit Metadata