deployments-cicd
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- Credential Handling Best Practices: The skill outlines the necessity of VERCEL_TOKEN, VERCEL_ORG_ID, and VERCEL_PROJECT_ID for CI/CD pipelines. It includes explicit instructions to store these as secrets and never commit them to source control, which aligns with standard security practices.
- Official Tooling and Dependencies: Installation of the vercel CLI via npm is recommended for CI environments. Because this is the official command-line interface provided by the vendor for managing deployments, installing it is considered standard and expected functionality.
- CI/CD Pipeline Configuration: The provided examples for GitHub Actions, GitLab CI, and Bitbucket Pipelines use secure methods for injecting secrets into the environment. These patterns represent well-established methods for automating deployments securely.
- Trusted Documentation Links: All referenced external resources lead to official documentation on vercel.com, providing a secure path for users to verify instructions or seek additional details.
- Input Surface Considerations: Several commands take external inputs such as deployment URLs or IDs. While these are necessary for functions like inspection or promotion, users should ensure these identifiers originate from trusted sources within their workflow.