vercel
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI package (@membranehq/cli) from the public npm registry. This package is the official interface for the Membrane platform, which the skill uses to bridge communication with Vercel.
- [COMMAND_EXECUTION]: The skill uses shell commands via the 'membrane' CLI to perform actions such as logging in, creating connections, and running Vercel-specific operations. These commands are necessary for the skill's stated purpose of managing Vercel infrastructure.
- [DYNAMIC_EXECUTION]: The skill supports the 'membrane action create' command, which allows the generation of new logic or API wrappers based on natural language descriptions. This is a core feature of the Membrane platform for expanding integration capabilities.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection because it processes data retrieved from external Vercel accounts (e.g., project names or deployment metadata).
- Ingestion points: Data returned from commands like 'membrane action list' and 'membrane action run'.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat data from the Vercel API as untrusted.
- Capability inventory: The agent can execute CLI commands and request the creation of new actions on the Membrane platform.
- Sanitization: The skill does not define specific sanitization or validation logic for the external data it processes.
Audit Metadata