next-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Information disclosure of local filesystem paths. The
debug-tricks.mdfile describes diagnostic tools (get_project_metadataandget_logs) that return the absolute project root path and the absolute path to the development log file on the host system. - [COMMAND_EXECUTION]: Local service interaction via command-line tools.
debug-tricks.mdprovides examples for usingcurlto send JSON-RPC requests to a local development server to invoke diagnostic tools. - [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill describes tools for reading development server logs and runtime error stacks (
debug-tricks.md). Because logs and error messages often incorporate data from external HTTP requests (e.g., headers, query parameters), they provide a path for untrusted data to enter the agent's context. - Ingestion points:
debug-tricks.md(server logs viaget_logs, build/runtime errors viaget_errors). - Boundary markers: Absent; the instructions do not specify the use of delimiters when the agent processes these data sources.
- Capability inventory: The skill references the ability to perform network requests (
curl) and read file paths provided by tools. - Sanitization: Absent; no validation or filtering of log content is suggested before analysis.
- [EXTERNAL_DOWNLOADS]: Use of standard ecosystem utilities and well-known services. The skill references
npxcommands for running Next.js codemods (@next/codemod) and deployment tools (create-sst). It also includes instructions for loading third-party scripts from established services such as Google Tag Manager, Google Analytics, and YouTube, which are treated as safe sources.
Audit Metadata