Skills
skills/eng0ai/eng0-template-skills/nextjs-blog-netlify/Gen Agent Trust Hub

nextjs-blog-netlify

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill performs a git clone from https://github.com/netlify-templates/nextjs-blog-theme.git. This source is not on the trusted GitHub organization list provided in the security policy.
  • COMMAND_EXECUTION (MEDIUM): The skill executes npm install and npm run build on the downloaded content. This allows for the execution of arbitrary scripts defined in the external repository's package.json file (e.g., preinstall, postinstall hooks).
  • PROMPT_INJECTION (SAFE): No evidence of malicious instructions, jailbreak attempts, or system prompt extraction was found in the skill text.
  • INDIRECT_PROMPT_INJECTION (LOW): This skill has an attack surface for indirect prompt injection as it ingests untrusted code from an external repository and then executes it.
  • Ingestion points: SKILL.md (via git clone)
  • Boundary markers: None
  • Capability inventory: npm install, npm run build, netlify deploy (command execution and network access)
  • Sanitization: None
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:07 PM