Security risk report for @forgecat/vercel-labs_agent-skills_deploy-to-vercel v0.0.8
Source Integrity
Low
Profile is sourced from the official Vercel Labs agent-skills repository (https://github.com/vercel-labs/agent-skills), a trusted upstream.
Metadata indicates MIT license and clear authorship attribution to Vercel, reducing supply-chain risk.
Agent Intent
Low
Content describes legitimate deployment workflows (git push, CLI linking, authentication) without instructing the agent to exfiltrate credentials, read sensitive files, or hide its instructions.
No prompt injection, system prompt leakage, or guidance poisoning detected; the skill documents standard Vercel CLI usage patterns and best practices (e.g., 'always deploy as preview unless explicitly asked for production').
References to `.env` exclusion in the tarball fallback and credential caching are defensive measures, not malicious instructions.
Details
Evidence
"Always deploy as preview (not production) unless the user explicitly asks for production."
"Do NOT use `vercel project inspect`, `vercel ls`, or `vercel link` to detect state in an unlinked directory — without a `.vercel/` config, they will interactively prompt (or with `--yes`, silently link as a side-effect). Only `vercel whoami` is safe to run anywhere."
"packages the project (excluding `node_modules`, `.git`, `.env`)"
Permissions
PRM-000Medium
The skill drives shell commands (git, vercel CLI, bash scripts) which constitute medium-to-high agency, though these are directly tied to the stated deployment purpose.
It instructs committing and pushing code on behalf of the user ('git add . && git commit && git push'), which is a significant action requiring explicit user approval — the skill does ask for confirmation before pushing.
Installing the Vercel CLI globally via `npm install -g vercel` and running `vercel login` are elevated actions, but remain within the scope of a deployment skill.