nextjs-fullstack-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill instructs the agent to perform standard initialization tasks such as 'npx husky init' and Prisma-related commands. These are routine operations within a developer workflow and are used appropriately for project setup.
- [EXTERNAL_DOWNLOADS] (SAFE): The project template references standard, well-known libraries from the public NPM registry (e.g., Next.js, React, Supabase, Prisma, Tailwind CSS). These are industry-standard dependencies from trusted sources.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or data exfiltration logic were detected. The skill provides a '.env.example' template for environment variables, which is the standard safe practice for handling secrets.
- [PROMPT_INJECTION] (SAFE): The skill instructions are focused on file generation and do not contain patterns attempting to bypass safety filters or override agent instructions.
- [DATA_EXPOSURE] (SAFE): While the skill ingests user input (Project Name, Description) for templating, this is the core intended purpose of the scaffold. No sensitive local file access or unauthorized network requests were observed.
Audit Metadata