nextjs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Prompt Injection (MEDIUM): The skill uses imperative instructions to override the agent's knowledge of the Next.js framework, falsely claiming that middleware.ts is replaced by proxy.ts in a non-existent Next.js 16 release. This deceptive information forces the agent into non-standard architectural patterns.
- Data Exposure (LOW): The proxy.md and templates/proxy.ts files recommend logging raw request bodies and user IP/Geo data, which can lead to sensitive PII or credentials being leaked into server logs.
- Indirect Prompt Injection (LOW): The skill implements ingestion points for untrusted data from web requests (cookies, search params, JSON bodies) in its templates. It lacks sanitization or boundary markers for this data. (Evidence: Ingestion points in templates/proxy.ts and reference/dynamic-routes.md; Boundary markers: Absent; Capability inventory: Direct database access and server-side logic; Sanitization: Absent in logging and redirection examples).
Audit Metadata