deploying-to-production
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The skill executes 'npm run build'. This is a standard operation for web deployments and is consistent with the skill's primary purpose.
- External Services (SAFE): The skill interacts with GitHub and Vercel. These are trusted platforms for software development and deployment.
- Indirect Prompt Injection (LOW): Because the skill is a deployment tool, there is a theoretical surface where the code being deployed could contain instructions for the agent (Category 8).
  1. Ingestion points: Local project files to be built and deployed.
  2. Boundary markers: None explicitly defined.
  3. Capability inventory: Command execution via npm and API interactions with GitHub/Vercel.
  4. Sanitization: Relies on standard build process isolation.