deploy-to-vercel
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Deployment Operations: The skill utilizes the Vercel CLI and provided shell scripts to automate project deployments. These tools are used to check authentication, link projects, and trigger builds, which are standard operations for a deployment-focused utility.
- Sensitive File Handling: The included deployment scripts (
deploy.shanddeploy-codex.sh) implement safety measures by explicitly excluding.envfiles,.gitdirectories, andnode_moduleswhen packaging code for upload. This practice reduces the risk of accidentally sharing local secrets or repository metadata. - Network Interactions: To enable deployments in restricted environments, the skill sends project archives to official Vercel-managed endpoints. These network calls are necessary for the skill's core functionality and are directed toward the service provider's infrastructure.
- Command Execution: The skill uses standard CLI commands such as
git,npm, andvercel. It performs checks for existing project configurations and authenticated sessions before proceeding with deployment actions, ensuring a consistent state before making changes. - Dependency Management: If the Vercel CLI is not present, the skill provides instructions to install the official package via a standard package manager. This ensures that the environment is correctly configured with the necessary tools for the deployment process.
Audit Metadata