create-next-project
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it is designed to ingest and analyze untrusted external data during its research phase.
  - Ingestion points: The skill explicitly reads from existing user source code ("old project to port from") and accepts arbitrary theme registry URLs from users.
  - Boundary markers: There are no instructions provided to the agent to treat this external content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill possesses significant capabilities, including the ability to write files to the local system and execute network-enabled CLI tools like git, vercel, and convex.
  - Sanitization: No validation or sanitization of the content from existing projects or external URLs is performed before it is used to influence the behavior of the agent teams.
- [COMMAND_EXECUTION]: The skill automates complex workflows by executing numerous CLI tools. This includes bun for package management, git and gh for version control and repository management, and vercel and turso for infrastructure operations. While these tools are standard for the described purpose, they represent a significant execution footprint.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of remote code by using bunx to run CLI tools from well-known and trusted providers, including Vercel (create-next-app), Biome, and Convex. It also allows for the addition of third-party UI components and themes from external registries.
Audit Metadata