Developers shocked as Claude Code plugin quietly triggers consent prompts and collects data even in unrelated non-Vercel projects

• Consent prompt appears even in projects without Vercel configuration
• Plugin delivers consent requests through system-level instruction injection
• Bash commands are captured fully, including sensitive environment details

A developer examining the Vercel plugin inside Claude Code found that a telemetry consent request appeared unexpectedly during unrelated work.

The project contained no Vercel configuration files or dependencies, yet the system still asked whether prompt data could be shared.