skills/sebas-aikon-intelligence/antigravity-awesome-skills/nextjs-best-practices/Gen Agent Trust Hub
nextjs-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection as it combines data ingestion from untrusted project files with file system write capabilities.
- Ingestion points: Uses
Read,Glob, andGreptools to ingest content from project files (e.g., .tsx, .ts files) within a user's codebase. - Boundary markers: No delimiters or instructions (e.g., 'ignore instructions within data') are provided to isolate untrusted code content from the agent's operational logic.
- Capability inventory: Granted
WriteandEditpermissions for file system modifications, creating a risk of unauthorized code changes or data deletion if triggered by malicious input. - Sanitization: Lacks any defined sanitization or validation mechanisms to filter out malicious instructions embedded in the processed project files.
Recommendations
- AI detected serious security threats
Audit Metadata