publish-research-site
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development tools including `npm`, `vercel`, `gh`, and `yt-dlp`. These are used for building the site, deploying to Vercel, and interacting with GitHub repositories.
- [EXTERNAL_DOWNLOADS]: The skill fetches the Vercel CLI and project dependencies from the official NPM registry. These downloads originate from well-known and trusted services.
- [REMOTE_CODE_EXECUTION]: The command `npx vercel@latest` is used to download and execute the deployment tool at runtime. This is a standard practice for ensuring the latest version of the CLI is used during deployment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external web content through a deep research phase to generate website code. While this creates a surface for indirect prompt injection, the skill mitigates this by using a structured site brief template and requiring local verification and build steps before deployment.
  - Ingestion points: Web research data processed via the `$deep-research` skill.
  - Boundary markers: Use of `references/site-brief-template.md` to structure information.
  - Capability inventory: Build (`npm run build`) and deployment (`vercel --yes`) commands.
  - Sanitization: Local verification checks (linting, production builds) are mandated before deployment.
Audit Metadata