Security risk report for @forgecat/openai_skills_vercel-deploy v0.0.10
Source Integrity
Low
Profile is attributed to OpenAI's official skills repository with a specific commit hash and Apache-2.0 license.
Sourced from a known, legitimate platform (codex/GitHub) with clear provenance metadata.
Agent Intent
Low
Content describes legitimate deployment functionality without injecting hidden instructions or role hijacking.
No guidance to read credentials, exfiltrate data, reveal system prompts, or install malicious payloads.
Fallback script execution is documented transparently as a deployment method, not a covert instruction.
Details
Evidence
Profile states clear, legitimate purpose: 'Deploy applications and websites to Vercel.'
Instructions explicitly restrict production deploys to user request: 'Always deploy as preview (not production) unless the user explicitly asks.'
Troubleshooting section transparently explains escalated permissions as a network access requirement, not a hidden directive.
Permissions
PRM-000Medium
The skill drives shell command execution (vercel CLI, bash scripts) which is a medium-to-high risk capability for a deployment profile, though deployment inherently requires some shell access.
Requesting escalated sandbox permissions (`sandbox_permissions=require_escalated`) goes beyond minimal authority and could allow broader network or system access than strictly necessary.
No file_write/file_delete/file_mutate tools are explicitly declared, but the bash script fallback could perform arbitrary filesystem operations.
Details
Evidence
"vercel deploy [path] -y" and "vercel deploy [path] --prod -y" — direct shell invocations.