nextjs
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists exclusively of .md and .mdx files. No executable scripts (Python, JS, Shell) are included that would run as part of the skill's own logic. All code snippets are embedded within documentation for instructional purposes only.
- EXTERNAL_DOWNLOADS (SAFE): The documentation contains links to official Next.js resources and assets hosted by Vercel. These domains (github.com/vercel, vercel.com) are recognized as trusted external sources.
- COMMAND_EXECUTION (SAFE): While the documentation provides various CLI examples (e.g.,
npm install next@canary,npx create-next-app), these are provided for the user's information. The SKILL.md file includes an explicit security notice warning that these commands should not be auto-executed by agents. - PROMPT_INJECTION (SAFE): A review of the documentation content found no attempts to use role-play, 'DAN' style injections, or instructions designed to bypass agent safety protocols. The language is standard technical documentation.
Audit Metadata