nextjs-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's instructions and reference files are consistent with its stated purpose of performing Next.js code reviews. It uses appropriate tools for file inspection and provides constructive examples.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted source code during its analysis phase. This risk is inherent to the tool's primary function and is mitigated by the scope of the review.
      • Ingestion points: Next.js source files (e.g., page.tsx, layout.tsx, route.ts) are read from the project directory using the Read and Glob tools.
      • Boundary markers: Absent; the instructions do not prescribe using delimiters or specific 'ignore instructions' warnings when the agent processes file content.
      • Capability inventory: The skill has access to Read, Edit, Grep, Glob, and Bash tools.
      • Sanitization: Absent; there is no specified validation or sanitization of the content found within the ingested project files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 07:09 AM