nextjs-init
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands for directory creation using 'mkdir', package management via 'pnpm add', and project initialization with 'npx'.
- [EXTERNAL_DOWNLOADS]: Fetches the 'create-next-app' initializer and standard development dependencies from the npm registry.
- [REMOTE_CODE_EXECUTION]: Uses 'npx' to execute the official Next.js project creator at runtime.
- [PROMPT_INJECTION]: The skill incorporates the user-provided 'target' argument directly into shell command strings, which represents a potential surface for indirect injection if the input is not sanitized by the calling agent.
  1. Ingestion points: 'target' argument in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: File system operations and shell execution (npx, pnpm, mkdir).
  4. Sanitization: Absent.
Audit Metadata