vercel-agent-deploy-to-vercel

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses standard shell commands such as git and the vercel CLI to determine project state and trigger deployments. It also executes local helper scripts (deploy.sh and deploy-codex.sh) to handle packaging and uploads in sandboxed environments.
  • [EXTERNAL_DOWNLOADS]: Includes instructions to install the official Vercel CLI globally using npm install -g vercel if it is not already present.
  • [DATA_EXFILTRATION]: Transmits project source code to Vercel's official deployment endpoints (claude-skills-deploy.vercel.com and codex-deploy-skills.vercel.sh). The included scripts proactively mitigate data exposure by using tar --exclude to ensure .env files are not uploaded.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — vercel-agent-deploy-to-vercel