Skills
skills/zhanlincui/ultimate-agent-skills-collection/vercel-deploy/Gen Agent Trust Hub

vercel-deploy

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits local project data to Vercel's official infrastructure (*.vercel.com) for deployment. This behavior is documented as the core functionality and targets a well-known technology service.
  • [COMMAND_EXECUTION]: The skill utilizes a local shell script (deploy.sh) to automate the packaging, framework detection, and API communication required for deployment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted local project files. 1. Ingestion points: Local project files (e.g., package.json, HTML files) within the user-provided deployment path. 2. Boundary markers: None present in the instructions to separate data from agent instructions. 3. Capability inventory: Shell script execution (deploy.sh) providing file system access and network egress. 4. Sanitization: No content validation or sanitization is performed on the files prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:22 PM