vercel-cli
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the Vercel CLI and helper utilities like
turbo-ignorevia the Bun package manager from well-known official registries. - [COMMAND_EXECUTION]: Uses various Vercel CLI commands to deploy applications, manage domains, and view deployment logs. It also utilizes standard shell utilities like
source,echo, andwhileloops for automation tasks. - [CREDENTIALS_UNSAFE]: Accesses sensitive local files such as
.env.localand project configuration in.vercel/project.jsonto synchronize secrets and project metadata with the Vercel platform. It also references the use ofVERCEL_TOKENfor authenticated CI/CD operations.
Audit Metadata