nextjs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill uses deceptive metadata and speculative technical content to influence agent behavior. It presents fabricated features for a non-existent 'Next.js 16' (such as `proxy.ts` replacing `middleware.ts`) as authoritative. This can mislead an agent into overriding its current technical knowledge base with incorrect instructions during code generation.
- [COMMAND_EXECUTION] (LOW): README.md includes instructions for executing local shell commands including `pnpm install` and Node.js scripts (validate-skill.js, build-agents-md.js). These script files are absent from the provided 46-file package, which is a consistency issue that prevents a full security audit of the build-time logic.
- [Indirect Prompt Injection] (LOW): The guidelines recommend using `dangerouslySetInnerHTML` for third-party script integrations. This creates a potential injection surface if the content is not strictly static. Evidence Chain:
  1. Ingestion point: references/client-third-party-scripts.md.
  2. Boundary markers: Absent.
  3. Capability: Agent is instructed to generate code using direct HTML injection.
  4. Sanitization: Examples use static scripts but provide no guidance on sanitizing dynamic inputs.
Audit Metadata