iblai-vibe-ops-deploy

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to build and deploy applications, such as pnpm build and npx vercel deploy. These are standard for development and deployment workflows.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the Vercel CLI. This is a standard practice for using up-to-date deployment tooling from a well-known service (Vercel).
  • [CREDENTIALS_UNSAFE]: The skill manages a VERCEL_TOKEN. It provides instructions for users to manually set this token in an environment file (iblai.env) or prompts for it if missing. This follows standard local secret management practices rather than hardcoding credentials.
  • [DATA_EXFILTRATION]: While the skill transmits environment variables from .env.local to Vercel, this is a documented and primary function of the skill (syncing project configuration to the hosting provider). No unauthorized data exfiltration was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:00 PM
Security Audit — agent-trust-hub — iblai-vibe-ops-deploy