github-vercel-setup
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates environment setup by running system commands. It executes `sudo apt install gh` or `sudo dnf install gh` to install the GitHub CLI, requiring elevated privileges on Linux systems. It also performs a global installation of the Vercel CLI using `npm install -g vercel`.
- [EXTERNAL_DOWNLOADS]: Fetches tools and configurations from trusted and well-known sources. It downloads the official Vercel CLI and Next.js bootstrap tool from the npm registry. It also adds capabilities from the author's own repository using `npx skills add treehausdev/skills`.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: The skill accepts project names as user input (`PROJECT_NAME`) in `SKILL.md`.
  - Boundary markers: Shell commands do not use delimiters or explicit 'ignore' instructions for the interpolated data.
  - Capability inventory: The user-provided string is used in several terminal operations including `npx create-next-app` and `gh repo create`.
  - Sanitization: No explicit sanitization or validation of the `PROJECT_NAME` input is performed before execution.
Audit Metadata