nextjs-16
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's 'Agent Workflow' mandates the use of external research tools to fetch data about a non-standard software version (Next.js 16).
- Ingestion points: Mandatory workflow steps 2 and 3 in SKILL.md require querying external documentation via Context7 and Exa tools.
- Boundary markers: Absent. There are no instructions to the agent to treat external documentation as untrusted or to ignore embedded instructions within retrieved content.
- Capability inventory: The skill is designed for 'building Next.js apps,' which implies the agent has permissions to write files to the local filesystem and execute build/test commands.
- Sanitization: Absent. There is no requirement for the agent to validate or sanitize the retrieved technical instructions before implementation.
- [Command Execution] (MEDIUM): The skill requires the execution of validation tools like fuse-ai-pilot:sniper and implies the use of a development environment for 'building apps'. Because the agent's logic is influenced by unverified external documentation (see Indirect Prompt Injection), these commands could be subverted to execute malicious code.
Recommendations
- AI detected serious security threats