next-upgrade
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata (SKILL.md) contains deceptive origin and verification claims, identifying 'vercel-labs' as the author and claiming to be 'verified'. This contradicts the provided author context ('oimiragieo') and constitutes metadata poisoning designed to gain unearned trust. Additionally, the skill's ingestion of project configuration files creates a surface for indirect prompt injection. Evidence: (1) Ingestion points: 'package.json', 'next.config.js', 'next.config.ts'. (2) Boundary markers: Absent. (3) Capability inventory: Subprocess calls via 'npm', 'npx', and 'git'. (4) Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: Fetches official Next.js migration tools and framework updates from the well-known NPM registry. While the downloaded packages themselves are legitimate, they are referenced within a skill providing misleading provenance information.
- [COMMAND_EXECUTION]: Uses standard development tools including 'npm', 'npx', and 'git' to perform dependency management and code transformation tasks aligned with its primary upgrade purpose.
Audit Metadata