nextjs-app-router
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection.
  - Ingestion points: In basic-integration-1.0-begin.md, the agent is instructed to read 10-15 project files to identify tracking opportunities. It also suggests reading dependency source code in node_modules within the framework guidelines in SKILL.md.
  - Boundary markers: The workflow relies on a .posthog-events.json file for planning, which provides a structured intermediate step between reading and writing.
  - Capability inventory: The skill involves writing and editing project files (as seen in basic-integration-1.1-edit.md) to implement event capture and user identification.
  - Sanitization: The instructions do not include steps to sanitize or validate the content of the files being read before the agent acts upon them.
- [EXTERNAL_DOWNLOADS]: The documentation in next-js.md references the use of the official PostHog wizard. This involves fetching the @posthog/wizard package from the NPM registry, which is an established and trusted repository for a well-known service.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to execute the PostHog setup wizard using npx -y @posthog/wizard@latest. This constitutes remote code execution from a trusted service provider.
Audit Metadata