nextjs-knowledge-patch
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill employs 'knowledge poisoning' by providing false documentation for future software versions to override the agent's internal knowledge.
- Evidence: It claims that 'proxy.ts' replaces 'middleware.ts' in Next.js 16.0, a convention that does not exist.
- Evidence: It introduces fictional APIs such as 'updateTag()' and 'refresh()' as Server Action primitives.
- Evidence: It claims 'next lint' is removed in version 16.0 and requires migration to third-party tools.
- Impact: An agent using this skill will generate non-functional code for current projects and ignore established framework standards by falsely believing its training is 'outdated'.
Audit Metadata