next-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (MEDIUM): The skill provides instructions for a non-existent version of Next.js (v16), claiming core changes like renaming 'middleware.ts' to 'proxy.ts'. This is a form of deception designed to influence agent behavior through false technical claims.
- [Command Execution] (MEDIUM): The 'debug-tricks.md' file suggests the agent use curl to interact with a local '/_next/mcp' endpoint. This encourages the agent to perform network-based command execution based on non-standard and potentially non-existent protocol claims.
- [Metadata Poisoning] (MEDIUM): The skill includes deceptive metadata and documentation regarding 'Next.js 16' features (MCP server, proxy config). This deception could lead an agent to recommend or attempt to use insecure or non-existent configurations.
- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends running 'npx @next/codemod@latest'. While this targets a trusted source (Vercel/Next.js), it involves executing remote scripts which requires caution.
Audit Metadata