vercel-agent-vercel-cli-with-tokens
Warn
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to discover and extract Vercel authentication tokens (typically starting with
vca_) from environment variables and local.envfiles. - Evidence:
SKILL.mdcontains instructions for searching tokens usingprintenv VERCEL_TOKENandgrep '^VERCEL_TOKEN=' .env. - [EXTERNAL_DOWNLOADS]: The skill ensures the Vercel CLI is installed by fetching it from the official npm registry.
- Evidence:
npm install -g vercelcommand inSKILL.md. - [COMMAND_EXECUTION]: The skill executes various system and CLI commands to manage the deployment lifecycle.
- Evidence: Includes execution of
git push,vercel deploy,vercel link, andvercel env add. - [DATA_EXFILTRATION]: Sensitive authentication tokens are retrieved and utilized to interact with Vercel's official platform APIs via the CLI tool.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local files and repository metadata, which presents an attack surface for indirect prompt injection.
- Ingestion points: Reads content from
.envfiles andgit remoteconfiguration inSKILL.md. - Boundary markers: No specific delimiters or warnings are used to isolate untrusted file content from the agent's instructional context.
- Capability inventory: The skill possesses the ability to read local files, perform network deployments, and modify environment configurations.
- Sanitization: Uses standard shell tools like
grep,cut, andsedto extract specific fields, providing minimal structural validation.
Audit Metadata