next-upgrade
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from official documentation and local package files to determine which shell commands to run.
  * Ingestion points: package.json and URLs under nextjs.org.
  * Boundary markers: Absent; no separators protect the agent from embedded instructions in the fetched data.
  * Capability inventory: npx, npm install, npm build, and npm dev.
  * Sanitization: Absent; the skill does not validate command transforms or paths before execution.
- Command Execution (HIGH): The skill executes npx and npm commands with arguments derived from external sources, which could lead to command injection if the source content is manipulated.
- External Downloads (LOW): The skill fetches content from nextjs.org. Although Vercel is a trusted organization, using remote content to drive execution logic is an inherent risk. Severity is downgraded per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata