vp-skills
Warn
Audited by Socket on May 8, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill’s behavior matches its stated purpose and the CLI/discovery sources appear first-party Vercel ecosystem components, so there is no strong sign of credential theft or deceptive data routing. However, this skill’s core function is transitive skill installation via `npx`, which expands the agent’s trusted instruction surface and can import unreviewed third-party skills; that makes it medium risk despite otherwise coherent purpose and provenance.
Confidence: 90%
Severity: 58%
Audit Metadata