nextjs-developer
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The `uploadAvatar` server action example in `references/server-actions.md` contains a Path Traversal vulnerability. It directly joins the user-provided `file.name` from `FormData` with a local directory path (`path.join(process.cwd(), 'public', 'uploads', file.name)`) before calling `fs.writeFile`. Without filename sanitization, an attacker could provide a path like `../../.env` to overwrite sensitive application configuration files.
- [PROMPT_INJECTION]: The skill documents patterns for using `dangerouslySetInnerHTML` and processing user-submitted data, creating a surface for Indirect Prompt Injection.
  - Ingestion points: Data enters the system via Server Actions (`FormData`), API route handlers (`NextRequest`), and external API calls (`fetch`) as shown in `references/data-fetching.md` and `references/server-actions.md`.
  - Boundary markers: While the skill suggests Zod for data validation, it lacks explicit prompt boundary markers when interpolating processed data into UI components.
  - Capability inventory: The skill's code templates include filesystem access (`writeFile` in `references/server-actions.md`), database mutations (via Prisma), and outbound network requests (`fetch`).
  - Sanitization: The skill recommends `DOMPurify` for HTML rendering and Zod for schema validation, but fails to apply sanitization to the file path in the upload example.
- [DATA_EXFILTRATION]: In `references/deployment.md`, the `vercel.json` example demonstrates using `Access-Control-Allow-Origin: "*"`. Although it includes a warning comment, providing this insecure configuration template increases the risk of developers implementing overly permissive CORS policies that allow unauthorized cross-origin data access.