nextjs-expert

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a memory protocol in SKILL.md that instructs the agent to execute a shell command (cat .claude/context/memory/learnings.md) to retrieve state. This is an intended functional behavior for context management within the agent's specific development environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze external source code.
      1. Ingestion points: Target files and paths specified in the execution context (SKILL.md, schemas/input.schema.json).
      2. Boundary markers: Absent; there are no specific markers or instructions to delineate untrusted content from the system instructions.
      3. Capability inventory: The skill utilizes powerful tools such as Bash, Write, and Edit which could be abused if malicious instructions are successfully injected via analyzed files (SKILL.md).
      4. Sanitization: Absent; the skill does not implement filtering or validation of the code being reviewed before it enters the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 04:17 PM