nextjs-on-vercel

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [External Downloads] (MEDIUM): The skill references an external resource recipe://fullstackrecipes.com/nextjs-on-vercel and provides a curl command to fetch data from https://fullstackrecipes.com. This domain is not a recognized trusted source, posing a risk of unverifiable content ingestion.
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest external "recipes" that dictate agent behavior.
      • Ingestion points: Content is retrieved from https://fullstackrecipes.com/api/recipes/nextjs-on-vercel (SKILL.md).
      • Boundary markers: There are no delimiters or instructions to ignore malicious content within the fetched recipe.
      • Capability inventory: The skill claims the ability to "configure the development environment" and "deploy to Vercel," which implies command execution and network access.
      • Sanitization: No evidence of sanitization for the fetched recipe content before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:24 PM