nextjs-app-router

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] Category 8: Indirect Prompt Injection (SAFE): The skill analyzes local Next.js project files using a shell script (scripts/validate-structure.sh).
  • Ingestion points: Reads .tsx, .ts, and .js files within the app/ directory.
  • Boundary markers: Not applicable (standard file reading).
  • Capability inventory: Uses grep, find, and head to validate code patterns (e.g., checking for 'use client' or root layouts).
  • Sanitization: File paths are double-quoted and passed directly as arguments to standard utilities (grep, find, head), so a file name containing spaces or shell metacharacters is neither word-split nor interpreted as additional commands; this closes the simple path-based command injection route.
  • [SAFE] Category 2: Data Exposure (SAFE): Code examples use placeholder URLs (api.example.com) and reference environment variables (process.env.REVALIDATION_SECRET) for sensitive tokens, which is a security best practice.
  • [SAFE] Category 4: Remote Code Execution (SAFE): The included shell script performs local static analysis only. It contains no network operations, downloads, or unverified package installations.
  • [INFO] Best Practices Note: An example in examples/page-layout.tsx uses dangerouslySetInnerHTML. That is reasonable for a CMS-style tutorial snippet, but the prop bypasses React's default escaping, so developers should be reminded to sanitize any HTML that comes from a CMS or other untrusted source (for example with an allowlist-based sanitizer) before rendering it, or to render it as plain text, to prevent XSS in their final applications.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 11:22 AM