migrate-to-nextjs

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis

The skill migrate-to-nextjs is designed to automate the migration of legacy websites to Next.js. The analysis reveals the following:

🔴 MEDIUM Findings:

  • UNVERIFIABLE_DEPENDENCY (Line 28): The skill instructs to npm install -g migent. While migent appears to be a tool related to Next.js migration, it is an external dependency installed globally via npm, and its source is not explicitly listed as a trusted GitHub organization. This introduces a risk of executing unverified code.
  • UNVERIFIABLE_DEPENDENCY (Line 70): The skill instructs to bun add -D @biomejs/biome. Biome is a reputable tool, but it is an external dependency installed via bun, and its source is not explicitly listed as a trusted GitHub organization. This introduces a risk of executing unverified code.
  • UNVERIFIABLE_DEPENDENCY (Line 94): The skill configures migent to be run via npx -y migent mcp. This relies on the previously flagged migent dependency.
  • UNVERIFIABLE_DEPENDENCY (Line 190): The skill conditionally instructs to bun add framer-motion. Framer Motion is a popular animation library, but it is an external dependency installed via bun, and its source is not explicitly listed as a trusted GitHub organization. This introduces a risk of executing unverified code.
  • UNVERIFIABLE_DEPENDENCY (Line 270): The skill instructs to bunx shadcn@latest init -y. Shadcn/ui is a popular component library, but it is an external dependency installed via bunx, and its source is not explicitly listed as a trusted GitHub organization. This introduces a risk of executing unverified code.
  • UNVERIFIABLE_DEPENDENCY (Line 280): The skill configures shadcn to be run via npx shadcn@latest mcp. This relies on the previously flagged shadcn dependency.
  • UNVERIFIABLE_DEPENDENCY (Line 287): The skill instructs to bunx shadcn@latest add ... -y. This relies on the previously flagged shadcn dependency.

🔵 LOW Findings:

  • TRUSTED_EXTERNAL_SOURCE (Line 20): The skill adds vercel-labs/agent-skills via npx skills add. Vercel Labs is a trusted GitHub organization.
  • TRUSTED_EXTERNAL_SOURCE (Line 21): The skill adds vercel-labs/next-skills via npx skills add. Vercel Labs is a trusted GitHub organization.
  • TRUSTED_EXTERNAL_SOURCE (Line 22): The skill adds vercel-labs/next-skills via npx skills add. Vercel Labs is a trusted GitHub organization.
  • TRUSTED_EXTERNAL_SOURCE (Line 23): The skill adds vercel-labs/agent-skills via npx skills add. Vercel Labs is a trusted GitHub organization.
  • TRUSTED_EXTERNAL_SOURCE (Line 58): The skill uses bunx create-next-app@latest. create-next-app is an official tool from Vercel/Next.js, which is a trusted source.

ℹ️ INFO Findings:

  • INDIRECT_PROMPT_INJECTION_RISK: The skill processes a significant amount of external and potentially untrusted content from the user's legacy website, including file system content (e.g., package.json, index.html, .js files, sitemap.xml) and live site content via ir_capture. Malicious instructions embedded within this content could theoretically be interpreted by the AI, leading to unintended actions. Users should be aware of this inherent risk when processing untrusted external data.

No prompt injection attempts, data exfiltration to non-whitelisted domains, obfuscation, privilege escalation, persistence mechanisms, or time-delayed attacks were detected within the skill's instructions themselves.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 03:27 PM