next-best-practices

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides the agent with factually incorrect security information. In references/metadata-seo.mdx, it claims that using JSON.stringify to embed data in a <script> tag via dangerouslySetInnerHTML is 'safe' because the output 'cannot contain script injection'. This is a false security claim; JSON.stringify does not escape the </script> tag, which an attacker can use to terminate the script block and execute arbitrary JavaScript (XSS).
  • [METADATA_POISONING]: The skill is entirely themed around 'Next.js 16', a version that has not been released. It provides documentation for fictional architectural changes, such as the renaming of the middleware.ts file convention to proxy() and the introduction of invented cache directives like 'use cache: remote' and 'use cache: private'. This deceptive content may cause an agent to produce code that is incompatible with actual Next.js environments.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of several legitimate third-party libraries, including server-only, swr, and @tanstack/react-query. These are standard packages in the Next.js ecosystem and are used here according to their intended purposes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 28, 2026, 02:11 PM