next-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill consists of instructional markdown files and code snippets. No malicious behavior or patterns were detected.
- DATA_EXPOSURE (SAFE): Files like
self-hosting.mdandscripts.mduse placeholders for sensitive data (e.g.,API_SECRET=...,DATABASE_URL=...,apiKey="YOUR_API_KEY"). No actual credentials or hardcoded secrets are present. - EXTERNAL_DOWNLOADS (SAFE): The skill references standard developer tools and packages (e.g.,
npx @next/codemod,npm ci,@next/third-parties). These are well-known resources in the Next.js ecosystem and do not constitute a threat in this context. - REMOTE_CODE_EXECUTION (SAFE): No patterns of piping remote content to a shell or dynamic execution of untrusted code were found.
- COMMAND_EXECUTION (SAFE): The command-line examples provided (e.g.,
next build,pm2 start) are standard for Next.js development and are intended for the user's local development environment.
Audit Metadata