v-swarm

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Vercel MCP toolset (deploy_to_vercel, get_runtime_logs, list_projects) and local CLI commands (git status, vercel logs, tsc --noEmit). These are used according to standard development workflows for the Vercel platform and include explicit anti-patterns preventing execution without user confirmation.
  • [EXTERNAL_DOWNLOADS]: References and documentation are fetched from well-known and official sources including nextjs.org and vercel.com. The skill also references internal knowledge base files (references/*.md) which are included in the package.
  • [PROMPT_INJECTION]: The skill includes clear 'Anti-patterns' and orchestration logic that defines agent behavior. It explicitly warns against fabricating results or bypassing user confirmation for production actions, which serves as a defensive layer against unintended behavior overrides.
  • [DATA_EXFILTRATION]: While the skill accesses runtime logs and build logs via Vercel MCP, this access is scoped to the developer's own Vercel environment for debugging purposes. There are no patterns detected that attempt to send this data to unauthorized third-party domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — v-swarm