Security risk report for @forgecat/vercel-labs_agent-skills_vercel-cli-with-tokens v0.0.8
Source Integrity
Low
Profile is sourced from official Vercel Labs agent-skills repository (vercel-labs/agent-skills), a legitimate upstream project.
Metadata correctly attributes authorship and provides commit hash (47863b2) for supply-chain traceability.
Agent Intent
Low
Content describes legitimate Vercel CLI workflows (deploy, link, env management) without injecting hidden instructions or role hijacking.
No instructions to read unrelated credentials (~/.ssh, ~/.aws), exfiltrate data to external hosts, reveal system prompts, or install remote payloads.
Token-handling guidance (export VERCEL_TOKEN, avoid --token flags) is security-conscious best practice, not poisoning — it explicitly warns against exposing secrets in shell history.
Details
Evidence
"do not pass it as a `--token` flag. Putting secrets in command-line arguments exposes them in shell history and process listings."
"Check the environment for tokens before asking the user. Look in the current env and .env files first."
No instructions to ignore previous instructions, read unrelated files, or hide the skill's own behavior.
Permissions
Low
Profile declares no tools or MCP servers — it is pure instructional markdown for the agent to follow when invoking Vercel CLI commands.
Guidance is scoped to Vercel-specific operations (deploy, link, env management) and does not request shell execution, file mutation, or network access beyond Vercel's API.
Details
Evidence
"Declared tools: (none declared)"
"MCP servers: (none)"
All commands shown are standard Vercel CLI invocations (vercel deploy, vercel link, vercel env add) — no shell_exec, file_write, or subagent rules.
MCP Risk
Low
No MCP servers are defined in the profile.
Profile is pure markdown guidance; no binary execution, hidden tool descriptions, or unrestricted network/filesystem access.