nextjs-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-severity vulnerability surface by granting the agent write access to files it also reads.
  - Ingestion points: External project files accessed via Read, Glob, and Grep tools.
  - Boundary markers: None identified; the skill does not define delimiters for untrusted code.
  - Capability inventory: The skill permits Write and Edit operations, allowing the agent to modify the environment based on instructions embedded in ingested data.
  - Sanitization: None identified.
- NO_CODE (SAFE): Analysis of the skill file confirms it consists entirely of documentation and does not contain any executable scripts or third-party package dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata