Skills
skills/vercel/vercel-deploy-claude-code-plugin/logs/Gen Agent Trust Hub

logs

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill instructs the agent to read and analyze external content (deployment logs) which may contain attacker-controlled data. There are no boundary markers or instructions to ignore embedded commands.
  • Ingestion points: SKILL.md (output from vercel logs).
  • Boundary markers: Absent.
  • Capability inventory: vercel ls, vercel logs (subprocess execution).
  • Sanitization: Absent.
  • Command Execution (LOW): The skill relies on the vercel CLI. While this is a standard tool, it executes commands in the host environment. The usage here is limited to logging and listing, which is low risk assuming the user is already authenticated.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 03:21 AM