nextjs
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to implement a postinstall.js script that programmatically modifies files within the node_modules directory. This pattern of 'patching' framework internals is highly brittle and can be used to hide malicious code modifications.
- [REMOTE_CODE_EXECUTION]: Multiple instructions involve the use of npx to execute remote codemods (@next/codemod@canary) and shell-based build commands. While these tools are standard in the ecosystem, the skill's reliance on them to fix 'Critical' errors in a non-existent framework version increases the risk of executing untrusted logic.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing specific, unverified versions of the Next.js package (e.g., next@16.0.10) to mitigate a cited (but non-existent) RCE vulnerability, which could lead to the installation of compromised or malicious packages.
- [DATA_EXPOSURE]: Documentation for the build command in references/patches.md suggests including environment variables like BETTER_AUTH_SECRET directly in the command line, which can lead to secret exposure in CI/CD logs or shell history.
Audit Metadata