nextjs-16

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains deceptive instructions claiming to represent a non-existent 'Next.js 16' version. It explicitly directs the agent and developer to replace 'middleware.ts' with 'proxy.ts' for route protection. Because Next.js does not support or recognize 'proxy.ts', following these instructions would silently disable all middleware-level security filters, effectively bypassing authentication and security headers without triggering errors.
  • [DATA_EXFILTRATION]: The 'Authentication Proxy' example includes a logic pattern vulnerable to Open Redirect attacks. The code retrieves a 'redirect' value directly from search parameters and uses it in 'NextResponse.redirect(new URL(redirect, request.url))'. Since the 'new URL' constructor allows absolute URLs if they begin with '//' or a protocol, an attacker could craft a link that redirects authenticated users to an external malicious domain for phishing or token theft.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 01:07 PM