vercel-agent-vercel-optimize

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill performs its operations locally and only communicates with official Vercel APIs via the authenticated Vercel CLI. It includes a comprehensive redaction utility in lib/vercel.mjs that automatically masks authorization headers, project IDs, and team IDs in all command output and error logs to prevent accidental data exposure.
  • [COMMAND_EXECUTION]: The skill orchestrates several shell commands to retrieve data, including vercel metrics, vercel usage, vercel api, and search utilities like rg (ripgrep). These are executed safely using child_process.execFile with argument arrays, which avoids the risks associated with shell interpolation. A dedicated throttling and retry logic in lib/throttle.mjs ensures these executions respect platform rate limits.
  • [PROMPT_INJECTION]: The skill uses a multi-agent 'brief' system to guide investigation. While it processes untrusted local source code, it employs a deterministic verification engine (lib/verify-claim.mjs) that mechanically checks every claim (counts, snippets, file existence) against the filesystem and metrics. Recommendations that fail verification or contradict the known project state are automatically withheld or sent for regeneration, providing a strong defense against indirect prompt injection and AI hallucination.
  • [EXTERNAL_DOWNLOADS]: The skill references and encourages the use of official Vercel documentation and CLI tools. All cited URLs are validated against a curated, version-aware allow-list in references/docs-library.json, preventing the agent from following or suggesting malicious or non-existent external links.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:27 PM
Security Audit — agent-trust-hub — vercel-agent-vercel-optimize