building-nextjs-apps
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation instructs users to install 'next-devtools-mcp' via 'npx'. This package originates from an unverified source not included in the trusted organization list.
- REMOTE_CODE_EXECUTION (MEDIUM): The recommended 'next-devtools-mcp' tool includes 'browser_eval', which uses Playwright to execute code in a browser context. This provides a high-privilege capability for executing scripts against untrusted web content.
- COMMAND_EXECUTION (LOW): The skill utilizes 'npx create-next-app' and 'npx shadcn@latest' for project scaffolding. While these are common industry tools, they involve executing third-party code from the npm registry at runtime.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its data ingestion surfaces.
  1. Ingestion points: 'browser_eval' (evaluating external web pages) and 'nextjs_docs' (fetching external documentation).
  2. Boundary markers: No delimiters or ignore instructions are present to protect the agent from embedded malicious instructions in the fetched data.
  3. Capability inventory: The skill has the ability to write to the file system ('upgrade_nextjs_16') and automate browser actions ('browser_eval').
  4. Sanitization: No sanitization or validation of external content is mentioned.
Audit Metadata