seo-metadata
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Data Exposure] (INFO): The code utilizes
process.env.NEXT_PUBLIC_SITE_URL. In the Next.js framework, theNEXT_PUBLIC_prefix is specifically used to allow environment variables to be accessible in the browser for non-sensitive data like site URLs, which does not constitute a secret leak. - [Indirect Prompt Injection] (INFO): The skill ingests data from translation files and database lookups (e.g.,
programme.title) to populate metadata. While this is a data ingestion point, the capability tier is 'display only' (rendering static meta tags), meaning there is no risk of command execution or unauthorized data exfiltration. - [Safe Dependencies] (SAFE): The implementation relies on well-known, trusted libraries (
next,next-intl) and does not include any remote script execution, obfuscation, or unauthorized network operations.
Audit Metadata