Skip to main content

deploy-pipeline

Establishes CI/CD pipelines for KPI dashboards using GitHub Actions, Vercel, and Docker, ensuring automated deployments and notifications.

Install this skill

or
22/100

Security score

The deploy-pipeline skill was audited on Jun 6, 2026 and we found 22 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 40

Template literal with variable interpolation in command context

SourceSKILL.md
40```yaml
medium line 126

Template literal with variable interpolation in command context

SourceSKILL.md
126```yaml
medium line 244

Template literal with variable interpolation in command context

SourceSKILL.md
244```yaml
medium line 371

Template literal with variable interpolation in command context

SourceSKILL.md
371```yaml
medium line 437

Template literal with variable interpolation in command context

SourceSKILL.md
437```yaml
medium line 493

Template literal with variable interpolation in command context

SourceSKILL.md
493{ name: 'KPI API', url: `${process.env.DASHBOARD_URL}/api/kpis.json`, expect: 200 },
medium line 494

Template literal with variable interpolation in command context

SourceSKILL.md
494{ name: 'Performance API', url: `${process.env.DASHBOARD_URL}/api/performance.json`, expect: 200 },
medium line 504

Template literal with variable interpolation in command context

SourceSKILL.md
504console.log(`${passed ? '✅' : '❌'} ${check.name}: HTTP ${response.status}`);
medium line 507

Template literal with variable interpolation in command context

SourceSKILL.md
507console.log(`❌ ${check.name}: ${err.message}`);
medium line 512

Template literal with variable interpolation in command context

SourceSKILL.md
512console.log(`\n${allPassed ? '✅ All checks passed' : '❌ Some checks failed'}`);
medium line 532

Template literal with variable interpolation in command context

SourceSKILL.md
532{ type: 'TextBlock', text: `${status === 'success' ? '✅' : '❌'} Dashboard Deployment`,
medium line 554

Template literal with variable interpolation in command context

SourceSKILL.md
554```yaml
medium line 594

Template literal with variable interpolation in command context

SourceSKILL.md
594```yaml
medium line 329

Wget to non-GitHub URL

SourceSKILL.md
329CMD wget --no-verbose --tries=1 --spider http://localhost/ || exit 1
low line 121

Webhook reference - potential data exfiltration

SourceSKILL.md
121SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
low line 428

Webhook reference - potential data exfiltration

SourceSKILL.md
428SLACK_WEBHOOK_URL Slack incoming webhook for notifications All deploys
low line 484

Webhook reference - potential data exfiltration

SourceSKILL.md
484SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
low line 606

Access to hidden dotfiles in home directory

SourceSKILL.md
606~/.npm
low line 492

Access to .env file

SourceSKILL.md
492{ name: 'Dashboard HTML', url: process.env.DASHBOARD_URL, expect: 200 },
low line 493

Access to .env file

SourceSKILL.md
493{ name: 'KPI API', url: `${process.env.DASHBOARD_URL}/api/kpis.json`, expect: 200 },
low line 494

Access to .env file

SourceSKILL.md
494{ name: 'Performance API', url: `${process.env.DASHBOARD_URL}/api/performance.json`, expect: 200 },
low line 329

External URL reference

SourceSKILL.md
329CMD wget --no-verbose --tries=1 --spider http://localhost/ || exit 1
Scanned on Jun 6, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
github-copilotclaude-codecursoropencodewindsurfclineroo-codeampgemini-cliantigravitymanusdevopsbackendcross-platformdevops-srebackend-developerfrontend-developerproduct-managertechnical-pmgithubvercelnetlifydockermicrosoft-teamsslackdevelopmentproduct
Bigdez55/SOAE-Dashboard