deployment
Guides users through deploying applications using modern platforms and tools, including CI/CD pipelines and Docker configurations.
Install this skill
Security score
The deployment skill was audited on Feb 28, 2026 and we found 35 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 244 | ```yaml |
Template literal with variable interpolation in command context
| 325 | ```yaml |
Template literal with variable interpolation in command context
| 509 | ```yaml |
Template literal with variable interpolation in command context
| 529 | ```yaml |
Template literal with variable interpolation in command context
| 647 | ```yaml |
Piping content to sh shell
| 106 | curl -L https://fly.io/install.sh | sh |
Curl to non-GitHub URL
| 106 | curl -L https://fly.io/install.sh | sh |
Webhook reference - potential data exfiltration
| 185 | STRIPE_WEBHOOK_SECRET="whsec_..." |
Access to hidden dotfiles in home directory
| 330 | ~/.npm |
Access to .env file
| 170 | ### .env Management |
Access to .env file
| 172 | Never commit secrets to git. Always use .env.example for documentation: |
Access to .env file
| 174 | **.env.example:** |
Access to .env file
| 210 | DATABASE_URL: process.env.DATABASE_URL, |
Access to .env file
| 211 | NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET, |
Access to .env file
| 212 | STRIPE_SECRET_KEY: process.env.STRIPE_SECRET_KEY, |
Access to .env file
| 213 | NEXT_PUBLIC_APP_URL: process.env.NEXT_PUBLIC_APP_URL, |
Access to .env file
| 416 | .env*.local |
Access to .env file
| 593 | dsn: process.env.NEXT_PUBLIC_SENTRY_DSN, |
Access to .env file
| 595 | environment: process.env.NODE_ENV, |
Access to .env file
| 596 | enabled: process.env.NODE_ENV === 'production', |
Access to .env file
| 605 | dsn: process.env.SENTRY_DSN, |
Access to .env file
| 607 | environment: process.env.NODE_ENV, |
Access to .env file
| 726 | patterns: [".env.example"] |
Access to .env file
| 750 | 2. .env.example exists and documents required variables |
Access to .env file
| 764 | **Solution:** Document all variables in .env.example and validate at build time with zod. |
Access to .env file
| 777 | url: process.env.DATABASE_URL, // Use pooled connection string |
External URL reference
| 80 | "$schema": "https://railway.app/railway.schema.json", |
External URL reference
| 106 | curl -L https://fly.io/install.sh | sh |
External URL reference
| 180 | NEXTAUTH_URL="http://localhost:3000" |
External URL reference
| 481 | CMD node -e "require('http').get('http://localhost:3000/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))" |
External URL reference
| 538 | body: '[DEPLOY] Preview deployed to: https://pr-${{ github.event.number }}.myapp.com' |
External URL reference
| 615 | - **Better Uptime**: https://betteruptime.com |
External URL reference
| 616 | - **Pingdom**: https://www.pingdom.com |
External URL reference
| 617 | - **UptimeRobot**: https://uptimerobot.com |
External URL reference
| 710 | - url: "https://my-app.com/api/health" |
Install this skill with one command
/learn @mgd34msu/deployment