observability
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- API Interaction with Official Endpoints: The skill provides instructions for interacting with
api.vercel.comto manage log drains and stream runtime logs. These operations are performed using authenticated requests to official Vercel infrastructure. - Secure Credential Management: Code examples and shell commands use environment variable placeholders (e.g.,
$VERCEL_TOKEN,process.env.VERCEL_TOKEN) instead of hardcoding secrets. This encourages the secure handling of sensitive API keys. - Trusted Dependency Integration: The skill recommends standard, well-known packages for observability, such as
@vercel/analytics,@sentry/nextjs, and@datadog/browser-rum. These are established tools within the ecosystem. - Data Integrity and Verification: A dedicated section covers verifying webhook signatures using HMAC-SHA1. This is a critical security practice to ensure that incoming data from Vercel Drains is authentic and has not been tampered with.
Audit Metadata