nextjs-migration-toolkit
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill includes instructions and a setup script (
scripts/setup.sh) that runnpm installto download required dependencies (ts-morph, commander, handlebars, etc.). These are well-known packages from the official npm registry. - [COMMAND_EXECUTION] (SAFE): The tool relies on
npx tsxto execute its internal TypeScript logic. This is the intended operation for a command-line utility and is constrained to the toolkit's own files. - [DATA_EXFILTRATION] (SAFE): Analysis of the file system operations (using
fs) confirms that the tool only reads source files for analysis and writes migration logs or state information to a local.migrationdirectory within the user's project. No network-based exfiltration was found. - [PROMPT_INJECTION] (SAFE): The
SKILL.mdfile contains standard instructional content for developers and agents. It does not contain any hidden directives, bypass attempts, or malicious overrides. - [DYNAMIC_EXECUTION] (SAFE): The skill uses Handlebars for generating code from templates. It does not utilize
eval(),exec(), or other unsafe dynamic execution methods on user-controlled input. All logic is performed via static AST transformations.
Audit Metadata