next-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The instructions are strictly limited to technical best practices for Next.js development. No override markers, jailbreak patterns, or 'ignore previous instructions' triggers were detected.
- [Data Exposure] (SAFE): No hardcoded API keys, tokens, or sensitive system paths are present. The skill does not perform network operations.
- [Remote Code Execution] (SAFE): The skill does not use package managers (npm/pip) or curl/wget to fetch and execute external scripts. It only references local documentation files.
- [Indirect Prompt Injection] (LOW): While the skill is designed to ingest and analyze untrusted user code (Next.js projects), the provided file indicates its role is purely advisory. There are no indications of dangerous side-effect capabilities such as file modification or shell execution that could be exploited via malicious code comments.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or encoded payloads were found in the metadata or body content.
Audit Metadata