vercel-optimize
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- Secure Command Execution: The skill uses Node.js
execFileto run Vercel CLI commands, ensuring arguments are passed without shell interpolation and reducing the risk of command injection. - Redaction of Sensitive Data: All internal command outputs and error messages are passed through a redaction utility that masks Vercel tokens and project identifiers, preventing accidental exposure of credentials in logs.
- Deterministic Pipeline Control: The skill employs a pure-logic gating mechanism to determine investigation targets based on quantitative metrics, ensuring the agent remains within a predefined and defensible scope.
- Mechanical Claim Verification: Every recommendation generated by the AI is verified through automated filesystem and metric checks to prevent hallucinations and ensure that proposed code changes are valid and safe.
- Version-Aware Documentation Citing: The skill references a curated allow-list of documentation and framework APIs, preventing the agent from recommending incompatible or non-existent features to the user.
Audit Metadata