nextjs-devtools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill executes 'npx next-devtools-mcp@latest' which fetches and runs external code without version pinning or integrity checks. This allows for arbitrary code execution on the host if the registry or package is compromised.
- EXTERNAL_DOWNLOADS (HIGH): The package 'next-devtools-mcp' is sourced from a public registry and is not part of the trusted organization list. Per [TRUST-SCOPE-RULE], this is a high-risk external dependency.
- COMMAND_EXECUTION (MEDIUM): The 'start-server.sh' script invokes shell commands to launch and manage background server processes.
- PROMPT_INJECTION (MEDIUM): The skill has an indirect prompt injection surface due to its data ingestion capabilities.
  - Ingestion points: Tools like list-routes and list-components read data from the local filesystem.
  - Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions embedded in project files.
  - Capability inventory: The agent can execute shell commands and manage local server processes.
  - Sanitization: No content validation or sanitization of ingested project data was found.
Recommendations
- AI detected serious security threats
Audit Metadata