Skills
skills/bilalmk/todo_correct/nextjs-devtools/Gen Agent Trust Hub

nextjs-devtools

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses npx next-devtools-mcp@latest in scripts/start-server.sh and SKILL.md. This pattern downloads and executes the latest version of a package from the public npm registry without version pinning or integrity checks, increasing susceptibility to supply chain attacks.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): By executing code via npx, the skill runs arbitrary third-party code on the user's machine with the user's local privileges. The package is not from a designated trusted source.
  • [PROMPT_INJECTION] (LOW): The skill has an Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Tools such as list-routes and get-config ingest local project metadata, including route names and configuration content.
  • Boundary markers: None identified in the wrapper scripts.
  • Capability inventory: Execution of shell scripts and spawning of network-connected processes.
  • Sanitization: No evidence of sanitization for project-sourced data is present in the provided scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:21 PM