next-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches migration guides and version-specific documentation from official Next.js domains (nextjs.org).
- [REMOTE_CODE_EXECUTION]: Instructs the agent to run automated code migrations using `npx @next/codemod@latest`. This is a standard, official tool provided by the framework maintainers for version upgrades.
- [COMMAND_EXECUTION]: Executes shell commands to install and update dependencies (Next.js, React, and TypeScript types) using the `npm` package manager.
- [PROMPT_INJECTION]: The skill processes the local `package.json` file to determine the current version and upgrade path.
  1. Ingestion points: `package.json` (metadata and dependency list).
  2. Boundary markers: None present.
  3. Capability inventory: Subprocess execution via `npm`, `npx`, and general bash commands.
  4. Sanitization: No explicit sanitization of version strings or package names before command interpolation.
Audit Metadata