nextjs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill documentation in `SKILL.md` instructs the agent to configure an MCP server using `npx -y next-devtools-mcp@latest`. This involves downloading and executing a package from an untrusted author, which poses a supply chain risk.
- [REMOTE_CODE_EXECUTION] (HIGH): The setup instructions for the MCP server create a direct path for remote code execution. An agent following these steps would run code from the npm registry at runtime without any prior security validation or human-in-the-loop approval.
- [COMMAND_EXECUTION] (MEDIUM): The file upload template in `references/server-actions.md` is vulnerable to path traversal. The implementation uses `path.join` with a user-controlled `file.name` property without sanitization, which could allow an attacker to overwrite sensitive files outside the intended upload directory, such as `.env` or `package.json`.
- [PROMPT_INJECTION] (HIGH): The skill defines an interface for coding agents to ingest application logs and build errors via tools like `get_logs` and `get_errors`. This creates a significant surface for indirect prompt injection. An attacker could trigger specific error messages or log entries (e.g., via a crafted web request) to manipulate the agent's behavior, which is particularly dangerous given that the agent likely has file-write and command-execution capabilities.
Recommendations
- AI detected serious security threats