next-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill instructs the agent in 'debug-tricks.md' to fetch data from a local development server via an MCP endpoint ('/_next/mcp').
      * Ingestion points: The agent reads JSON-RPC responses from 'http://localhost:/_next/mcp'.
      * Boundary markers: No delimiters or instructions to ignore embedded commands in the server output are provided.
      * Capability inventory: The agent is taught to use 'curl' for network operations and explore project routes, logs, and server actions.
      * Sanitization: No sanitization of the server's output is mentioned.
  • [COMMAND_EXECUTION] (LOW): Use of npx for migration tools.
      * Evidence: The skill suggests running 'npx @next/codemod@latest' in 'async-patterns.md' and 'file-conventions.md'.
      * Trust Scope Rule: These commands target the '@next' scope associated with Vercel, a trusted organization, which downgrades the finding's severity.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM