Trust Assessment
deploy-to-vercel received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 2 high, 0 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: AI agent config, Command Injection via unquoted user-provided path in `bash` script execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on May 1, 2026 (commit ce3e64e4). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/deploy-to-vercel/SKILL.md:228 | |
| CRITICAL | Command Injection via unquoted user-provided path in `bash` script execution The skill instructs the LLM to execute custom bash scripts (`deploy.sh` and `deploy-codex.sh`) with a user-provided `[path]` argument without quoting it. This allows for command injection if the user provides input containing shell metacharacters (e.g., `$(command)` or `` `command` ``). The shell will interpret and execute these metacharacters before passing the argument to the bash script, leading to arbitrary code execution in the agent's environment. Instruct the LLM to always quote user-provided arguments when passing them to shell commands. For example, change `bash /mnt/skills/user/deploy-to-vercel/resources/deploy.sh [path]` to `bash /mnt/skills/user/deploy-to-vercel/resources/deploy.sh "[path]"`. This applies to all instances where `[path]` is passed to these scripts (lines 219, 222, 225, 271, 274). | LLM | SKILL.md:219 | |
| CRITICAL | Command Injection via unquoted user-provided commit message in `git commit` The skill instructs the LLM to construct a `git commit` command using a user-provided `<description of changes>` within a double-quoted string. If the user input contains shell metacharacters (e.g., `$(command)` or `` `command` ``), these will be executed by the shell before the `git commit` command is invoked, leading to arbitrary code execution in the agent's environment. Instruct the LLM to properly sanitize or quote the user-provided commit message. A safer approach would be to use `git commit -m "deploy: " -m "<description of changes>"` or to escape any special characters in the user's input before embedding it in the command. | LLM | SKILL.md:87 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/deploy-to-vercel/SKILL.md:228 | |
| HIGH | Command Injection via unquoted user-provided arguments in `vercel` CLI commands The skill instructs the LLM to use user-provided `[path]` and `<team-slug>` arguments in `vercel` CLI commands without quoting them. While the `vercel` CLI might offer some internal sanitization, passing unquoted user input directly to shell commands can lead to command injection if the input contains shell metacharacters. This could allow an attacker to execute arbitrary commands or manipulate the `vercel` command's behavior. Instruct the LLM to always quote user-provided arguments when passing them to `vercel` CLI commands. For example, change `vercel deploy [path]` to `vercel deploy "[path]"` and `--scope <team-slug>` to `--scope "<team-slug>"`. This applies to all instances where `[path]` (lines 70, 100, 104, 155, 250) or `<team-slug>` (lines 70, 145, 148, 155) are used. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/bfee0b85e0fbc97a)
Powered by SkillShield