next-upgrade
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill gives instructions to use WebFetch on https://nextjs.org/docs/app/building-your-application/upgrading/codemods and on version-specific guides (e.g., https://nextjs.org/docs/app/building-your-application/upgrading/version-15), and to run npx @next/codemod@latest at runtime. This fetches external documentation and executes remote codemod code that directly controls the upgrade steps, so these runtime fetches and executions meet the flagging criteria.
Audit Metadata