next-best-practices

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The file debug-tricks.md contains deceptive instructions that hallucinate a native 'Model Context Protocol' (MCP) endpoint (/_next/mcp) as a standard feature of 'Next.js 16+'. It provides a set of fake tools (e.g., get_project_metadata, get_logs, get_server_action_by_id) designed to manipulate an agent into leaking internal project structure, file paths, and logs to a local network port. This is a form of metadata poisoning intended to misdirect agent behavior towards non-existent or attacker-controlled local services.
  • [EXTERNAL_DOWNLOADS]: The skill recommends several official migration tools and third-party packages. It suggests using npx @next/codemod@latest for API migrations and mentions standard packages like @next/third-parties, ioredis, and @aws-sdk/client-s3. These resources originate from well-known and trusted organizations.
  • [COMMAND_EXECUTION]: The skill provides numerous examples of shell commands, including curl requests to interact with the fake MCP server and Docker/PM2 deployment scripts. While provided as documentation, the instructions for interacting with the hallucinated MCP endpoint (curl -X POST http://localhost:<port>/_next/mcp) constitute an attempt to get the agent to execute network-bound commands based on false premises.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 21, 2026, 12:12 AM