Skills
skills/quick-brown-foxxx/coding_rules_ts/setting-up-nextjs-projects/Gen Agent Trust Hub

setting-up-nextjs-projects

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a variety of development scripts in package.json that execute standard CLI tools such as next, tsc, eslint, vitest, and playwright for building, linting, and testing the application.
  • [EXTERNAL_DOWNLOADS]: The template includes instructions for fetching external UI components using pnpm dlx shadcn and provides example configuration in orval.config.ts for pointing to a remote OpenAPI schema URL for code generation.
  • [REMOTE_CODE_EXECUTION]: The preinstall script uses npx only-allow pnpm to enforce the package manager, which involves downloading and executing a package from the npm registry. Furthermore, the api:gen script uses tsx to run a local generation script that processes external API specifications.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from external sources such as OpenAPI specifications (via Orval) and environment configurations.
  • Ingestion points: orval.config.ts (external URL), src/env.ts (environment variables).
  • Boundary markers: Not explicitly defined for external schema ingestion.
  • Capability inventory: The skill includes scripts for package installation (pnpm install), local code execution (tsx), and file generation (api:gen).
  • Sanitization: Not documented for the schema ingestion process.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 10:42 PM