vercel
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines several
curlcommands to interact with the Vercel API for managing projects, domains, and environment variables. These commands target the officialapi.vercel.comdomain. - [DATA_EXFILTRATION]: The skill uses a
$VERCEL_TOKENenvironment variable for authorization. This token is sent to well-known Vercel API endpoints as part of its standard operation. - [CREDENTIALS_UNSAFE]: The skill includes an example for listing user authentication tokens (
/v6/user/tokens). While a standard API endpoint, it involves the retrieval of sensitive credential metadata.
Audit Metadata