deployment-cicd

SUSPICIOUS. The skill is mostly a benign CI/CD guide, but its Vercel deployment examples route sensitive Vercel tokens through a third-party GitHub Action rather than Vercel's official CLI workflow. That makes the capability slightly inconsistent with least-trust deployment guidance, though there is no strong evidence of malware or exfiltration beyond this credential-forwarding risk.