nextjs-dev-orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an orchestrator that translates natural language requirements into functional Next.js code. This creates an inherent surface for indirect prompt injection, where a malicious user could provide requirements designed to trick the agent into generating vulnerable code or backdoors.
  - Ingestion points: Feature requirements analysis in SKILL.md (Step 1).
  - Boundary markers: None. The skill does not use specific delimiters or instructions to ignore potential commands embedded within user requirements.
  - Capability inventory: The skill has high capabilities, including generating complex business logic, configuring data layers (Server Actions, Zustand), and setting up routing across multiple files.
  - Sanitization: No explicit sanitization or validation of the requirement content is mentioned, although the strict adherence to the provided convention files (references/) acts as a structural constraint.
Audit Metadata