skills/smithery/ai/nextjs-developer/Gen Agent Trust Hub

nextjs-developer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and act upon external project requirements, data sources, and rendering strategies. It lacks boundary markers or instructions to ignore embedded malicious prompts within these inputs. Since the agent has the capability to write code, manage packages, and perform deployments, an attacker could provide requirements that trick the agent into installing malicious dependencies or adding backdoors.
      • Ingestion points: File SKILL.md: 'Query context manager for Next.js project requirements', 'application type, rendering strategy, data sources...'
      • Boundary markers: Absent. The agent is not instructed to treat external requirements as untrusted data.
      • Capability inventory: File SKILL.md: npm (package management/execution), vercel (deployment/hosting), prisma (database access), next (CLI execution).
      • Sanitization: Absent. There is no logic provided to validate or filter the project requirements.
  • [Command Execution] (LOW): The skill utilizes a suite of powerful CLI tools including npm, vercel, and next. While these are appropriate for the stated purpose of Next.js development, they represent a significant attack surface if the agent is influenced by malicious instructions.
  • [Credential Exposure] (INFO): The skill mentions 'Environment variables' and 'Authentication' under deployment and full-stack features. This is standard for web development, but users should be reminded not to provide actual secrets in project requirements or context queries.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:45 AM