moai-nextra-architecture

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The template file scripts/optimize-build.js contains code using child_process.execSync to run shell commands such as rm -rf .next, node scripts/build-search-index.js, and lighthouse. Since the skill specifies Bash in its allowed-tools, there is a risk that the agent may execute these commands on the host system. Dynamic assembly of command strings for build tasks is a known vector for command injection if input parameters are not properly sanitized.
  • [EXTERNAL_DOWNLOADS]: The skill contains references to official repositories and well-known services, including https://github.com/shuding/nextra and https://vercel.com/templates/next.js. It also suggests the installation of standard industry packages like nextra and nextra-theme-docs. These references are to trusted organizations and do not contribute to a higher severity verdict.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:06 AM