vercel-cli
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- Authentication Best Practices: The skill explicitly instructs users to use the
VERCEL_TOKENenvironment variable rather than the--tokenflag, noting that flags can leak secrets in process listings. This is an excellent security consideration. - Deployment Protection: The instructions emphasize using
vercel curlto access preview deployments rather than disabling deployment protection, which helps maintain a secure posture during development. - Project Linking Guidance: The skill provides clear instructions on the differences between
vercel linkandvercel link --repo, ensuring that projects are correctly scoped within the Vercel platform and reducing the risk of configuration errors. - Interactive Prompt Management: For automated environments, the skill recommends the use of the
--yesand--non-interactiveflags, ensuring predictable behavior without manual intervention.
Audit Metadata