nextjs-mantine-stack
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill instructions and setup scripts use `npx create-next-app` and `npm install` for well-known, industry-standard packages from the NPM registry. Per the trust-scope-rule, since these packages and the creator of the setup tool (Vercel) are trusted, this behavior is considered safe.
- COMMAND_EXECUTION (SAFE): The provided `setup.sh` and `setup.ps1` scripts execute local commands to create project directories and install dependencies. These actions are directly tied to the primary purpose of the skill (project scaffolding) and do not perform any hidden or malicious operations.
- Indirect Prompt Injection (SAFE): While the setup scripts accept a user-provided project name which is then used in shell commands (creating a theoretical injection surface), this is a standard pattern for CLI scaffolding tools and represents a negligible risk in this context.
  - Ingestion points: `ProjectName` parameter in `scripts/setup.sh` and `scripts/setup.ps1`.
  - Boundary markers: N/A (scripts are meant for local developer execution).
  - Capability inventory: `mkdir`, `cd`, `npx`, `npm install`.
  - Sanitization: Basic shell quoting is present in some commands, but not robust validation; however, this is standard for boilerplate generators.
Audit Metadata