nextjs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains standard instructional language focused on Next.js development and does not include any bypass markers, jailbreak attempts, or instructions to ignore safety protocols.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or suspicious network operations were found. The network references are limited to official documentation (nextjs.org, react.dev).
- Obfuscation (SAFE): The markdown and code examples are clear, readable, and devoid of Base64 encoding, zero-width characters, or homoglyph-based evasion techniques.
- Unverifiable Dependencies (SAFE): The skill references industry-standard packages (Zod, React, Next.js) and does not attempt to install or execute remote scripts from untrusted sources.
- Indirect Prompt Injection (LOW): While the skill processes project files, which could contain untrusted data, it includes a structured workflow and emphasizes standard implementation patterns.
  - Ingestion points: Reads project files during Step 3 (Context Loading).
  - Boundary markers: Relies on standard interface patterns for loading context and memory.
  - Capability inventory: Limited to reading/writing project code and documentation in a restricted environment.
  - Sanitization: Standard for coding assistants; the skill itself does not introduce new sanitization vulnerabilities.
Audit Metadata