nextjs-standards

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through its processing of untrusted project documentation.
      • Ingestion points: docs/features/ and docs/issues/ (referenced in SKILL.md and Coding_Guidelines.md).
      • Boundary markers: Absent; the skill explicitly directs the agent to follow these documents as 'the LAW'.
      • Capability inventory: scripts/vibe-verify.py executes shell commands including tsc, lint, and build.
      • Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill requires the execution of a Python script that invokes local shell commands to verify project state.
      • Evidence: scripts/vibe-verify.py uses subprocess.run to execute package manager commands and build tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:15 PM