vercel-agent-vercel-cli-with-tokens

Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to discover and extract Vercel authentication tokens (typically starting with vca_) from environment variables and local .env files.
  • Evidence: SKILL.md contains instructions for searching tokens using printenv VERCEL_TOKEN and grep '^VERCEL_TOKEN=' .env.
  • [EXTERNAL_DOWNLOADS]: The skill ensures the Vercel CLI is installed by fetching it from the official npm registry.
  • Evidence: npm install -g vercel command in SKILL.md.
  • [COMMAND_EXECUTION]: The skill executes various system and CLI commands to manage the deployment lifecycle.
  • Evidence: Includes execution of git push, vercel deploy, vercel link, and vercel env add.
  • [DATA_EXFILTRATION]: Sensitive authentication tokens are retrieved and utilized to interact with Vercel's official platform APIs via the CLI tool.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from local files and repository metadata, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Reads content from .env files and git remote configuration in SKILL.md.
  • Boundary markers: No specific delimiters or warnings are used to isolate untrusted file content from the agent's instructional context.
  • Capability inventory: The skill possesses the ability to read local files, perform network deployments, and modify environment configurations.
  • Sanitization: Uses standard shell tools like grep, cut, and sed to extract specific fields, providing minimal structural validation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — vercel-agent-vercel-cli-with-tokens