nextjs-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were detected. The skill is composed of purely instructional Markdown content.
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The language used is descriptive and educational.
- Data Exposure & Exfiltration (SAFE): The skill does not contain any hardcoded credentials, sensitive file paths, or network exfiltration logic.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No package installations or remote script executions (e.g., curl | bash) are present.
- Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were detected.
- Indirect Prompt Injection (LOW): While the skill allows the agent to use filesystem tools (Read, Write, Glob, Grep) which could ingest untrusted project data, it does not provide any logic to process or execute instructions found in that data.
Audit Metadata