web-next-best-practices
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The documentation contains misleading technical information regarding fictional framework updates, such as Next.js v16. It specifically advises renaming 'middleware' to 'proxy', a change that does not exist in the official framework. An AI agent following these guidelines might recommend changes that disable critical security middleware (handling authentication or authorization) in a developer's codebase.\n- [COMMAND_EXECUTION]: The skill provides instructions for executing command-line tools, including 'npx' for migration codemods and 'curl' for interacting with a local JSON-RPC endpoint at 'localhost'. These represent a capability surface for interacting with the user's local development environment.\n- [EXTERNAL_DOWNLOADS]: The files reference numerous third-party dependencies and official utilities from the Vercel and Next.js ecosystem, such as '@next/codemod' and '@next/third-parties'. While these are from well-known sources, they represent external code that would be pulled into a project.\n- [DATA_EXFILTRATION]: The skill identifies a potential surface for data exposure through a proposed local development-time MCP endpoint.\n
- Ingestion points: 'references/debug-tricks.md' (via fictional '/_next/mcp' endpoint).\n
- Boundary markers: Absent in documentation.\n
- Capability inventory: Use of 'curl' and network requests to 'localhost' documented in 'references/debug-tricks.md'.\n
- Sanitization: Absent.
Audit Metadata