next-upgrade
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill invokes several shell commands including 'npm install', 'npx', and 'npm run build', which allow for broad system interaction and potential abuse.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes 'npx @next/codemod@latest' to download and run scripts from a remote registry at runtime, an action that carries high risk despite the trusted source.
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches documentation from 'nextjs.org' and packages from 'npmjs.com'. Per the [TRUST-SCOPE-RULE], these are trusted sources, which downgrades the download finding specifically to LOW, but does not affect the severity of the execution behavior.
- [PROMPT_INJECTION] (HIGH): Detected Indirect Prompt Injection surface.
  1. Ingestion point: The skill reads untrusted data from 'package.json'.
  2. Boundary markers: Absent.
  3. Capability inventory: Command execution via npx, npm install, and npm run.
  4. Sanitization: Absent.
  An attacker could craft a malicious 'package.json' in a repository to manipulate the agent into executing unintended commands or accessing sensitive paths during the upgrade process.
Recommendations
- AI detected serious security threats
Audit Metadata