vercel-cli
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [Secure Authentication Management]: The skill correctly identifies that authentication tokens should be managed via environment variables (e.g.,
VERCEL_TOKEN) rather than command-line flags, which prevents secrets from being exposed in process listings or shell history. - [Project Configuration Access]: The skill interacts with standard Vercel configuration files like
.vercel/project.jsonand.env.local. This is necessary for linking projects and managing environment variables locally, following the platform's standard development workflow. - [Deployment Protection Enforcement]: The instructions explicitly advise against disabling deployment protection, recommending the use of the
vercel curlcommand instead. This ensures that preview deployments remain secured while remaining accessible to authenticated users. - [Standard Package Installation]: The skill references the installation of the official Vercel CLI via standard package managers (
npm,pnpm,yarn,bun). These are well-known, official distribution channels for the vendor's tooling.
Audit Metadata