next-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references
npx @next/codemod@latest. This is an official migration tool from the Vercel organization. Per the [TRUST-SCOPE-RULE], downloads from this trusted source are considered safe. - COMMAND_EXECUTION (SAFE): Contains standard CLI commands for building (
next build) and analyzing (next experimental-analyze) Next.js applications. No malicious or unauthorized command execution patterns were found. - DATA_EXFILTRATION (SAFE): While the documentation mentions sensitive environment variables (e.g.,
DATABASE_URL,REDIS_URL,API_SECRET) for self-hosting configurations, they are used within legitimate templates and no exfiltration patterns were detected. - REMOTE_CODE_EXECUTION (SAFE): No suspicious remote code execution or unauthorized script fetching patterns were identified. All script and package references are standard within the Next.js ecosystem.
Audit Metadata