observability
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [Authentication and Secrets Management]: The skill correctly identifies the use of environment variables for managing sensitive credentials like VERCEL_TOKEN and DRAIN_SECRET. This aligns with best practices for securing API access and verifying data integrity without hardcoding secrets.
- [External Package Integration]: The skill recommends several standard industry packages for observability, such as @vercel/analytics, @sentry/nextjs, and @datadog/browser-rum. These are well-known, trusted libraries used for their intended purpose of error tracking and performance monitoring.
- [Official Vendor Interactions]: All documented API calls and CLI commands target official Vercel infrastructure (e.g., api.vercel.com). This represents legitimate vendor-provided functionality for retrieving runtime data and managing project settings.
- [Indirect Prompt Injection Surface]: By providing patterns for processing runtime logs, the skill establishes a data ingestion surface. While log content is technically untrusted data, the provided implementation focuses on diagnostic parsing and display, presenting a low risk for unintended instruction execution.