next-best-practices
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The file `debug-tricks.md` contains deceptive instructions that hallucinate a native 'Model Context Protocol' (MCP) endpoint (`/_next/mcp`) as a standard feature of 'Next.js 16+'. It provides a set of fake tools (e.g., `get_project_metadata`, `get_logs`, `get_server_action_by_id`) designed to manipulate an agent into leaking internal project structure, file paths, and logs to a local network port. This is a form of metadata poisoning intended to misdirect agent behavior towards non-existent or attacker-controlled local services.
- [EXTERNAL_DOWNLOADS]: The skill recommends several official migration tools and third-party packages. It suggests using `npx @next/codemod@latest` for API migrations and mentions standard packages like `@next/third-parties`, `ioredis`, and `@aws-sdk/client-s3`. These resources originate from well-known and trusted organizations.
- [COMMAND_EXECUTION]: The skill provides numerous examples of shell commands, including `curl` requests to interact with the fake MCP server and Docker/PM2 deployment scripts. While provided as documentation, the instructions for interacting with the hallucinated MCP endpoint (`curl -X POST http://localhost:<port>/_next/mcp`) constitute an attempt to get the agent to execute network-bound commands based on false premises.
Audit Metadata