nextjs-16-proxy
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation encourages the execution of the shell command 'npx @next/codemod@canary middleware-to-proxy .'. This command targets a non-existent transformation for a non-existent framework version (Next.js 16). While the package namespace belongs to a trusted vendor (Vercel), providing fabricated command arguments can lead to unpredictable behavior in developer environments.
- [PROMPT_INJECTION]: The skill provides factually incorrect technical documentation, claiming that Next.js middleware is being renamed to 'proxy'. This acts as deceptive content that misleads the AI agent into suggesting architectural changes and project structures that are non-standard and factually incorrect, potentially compromising the integrity of the user's application logic.
Audit Metadata