Trust Assessment
vercel-cli-with-tokens received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Potential Command Injection via Unsanitized User Input in Shell Commands, Unpinned `npm` Dependency Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit 8c56b3d4). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in Shell Commands | LLM | SKILL.md:140 |
| LOW | Unpinned `npm` Dependency Installation | LLM | SKILL.md:100 |

HIGH: Potential Command Injection via Unsanitized User Input in Shell Commands (LLM layer, SKILL.md:140)

The skill provides numerous shell command templates that use placeholders (e.g., `<team-slug>`, `<description of changes>`, `<VAR_NAME>`, `<domain>`, `<project-name>`, `<repo-url>`). If the agent populates these placeholders with unsanitized user input, a malicious string could be injected, leading to arbitrary command execution. A specific example is `git commit -m "deploy: <description of changes>"`. If `<description of changes>` contains `"; rm -rf /; echo "`, the command becomes `git commit -m "deploy: foo"; rm -rf /; echo "bar"`, executing `rm -rf /`. Similar risks exist for arguments like `--scope <team-slug>` or `vercel env add VAR_NAME` if they are not properly sanitized.

Recommendation: Implement robust input sanitization and escaping for all user-provided values before incorporating them into shell commands. For commit messages, consider using `git commit -F -` to read the message from stdin, which is generally safer. For other arguments, ensure proper quoting and escaping of shell metacharacters.

LOW: Unpinned `npm` Dependency Installation (LLM layer, SKILL.md:100)

The skill instructs the agent to install the `vercel` CLI using `npm install -g vercel`. This command does not specify a version, so it implicitly installs the latest one. This can lead to unexpected behavior, breaking changes, or the introduction of new vulnerabilities if a future version of the `vercel` package contains issues. While `vercel` is a well-known package, best practice dictates pinning versions for reproducibility and security.

Recommendation: Specify a precise version for `npm` package installations (e.g., `npm install -g vercel@X.Y.Z`) to ensure consistent and secure environments.
Full report: https://skillshield.io/report/1944a1b1ad1ca4d4 (powered by SkillShield)