vercel-deploy-claimable
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local shell script located at /mnt/skills/user/vercel-deploy/scripts/deploy.sh. This script is responsible for the core logic of the skill, including file system traversal and network communication.
- [DATA_EXFILTRATION]: The skill automatically aggregates local files into a compressed tarball archive and uploads them to a remote deployment service. While intended for Vercel, the process involves sending the user's source code to external endpoints. The skill does not explicitly state that sensitive configuration files (like .env) are excluded from this package.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
  1. Ingestion points: Reads project files (e.g., package.json, HTML files) to perform framework detection and packaging.
  2. Boundary markers: None.
  3. Capability inventory: File system read access, shell command execution via bash, and network egress to deployment domains.
  4. Sanitization: No content validation or sanitization is performed on project files before processing.
Audit Metadata