building-nextjs-saas

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill illustrates a pattern where user input is directly interpolated into AI prompts without sanitization, creating an indirect prompt injection surface.
  • Ingestion points: The 'additionalReq' and 'roomType' fields are received in the request body of the API route defined in references/AI-INTEGRATION.md.
  • Boundary markers: No delimiters or protective instructions are used to separate user-provided content from the system prompt.
  • Capability inventory: The skill performs network operations to external AI services (OpenAI/Replicate) and saves output to Firebase Storage.
  • Sanitization: There is no evidence of input validation or escaping for user-controlled data before it is sent to the AI model.
  • [EXTERNAL_DOWNLOADS]: The documentation refers to the installation of various standard libraries from trusted organizations and well-known services. Package references include @clerk/nextjs, drizzle-orm, replicate, stripe, and @paypal/react-paypal-js. These tools are used for their intended purposes as described in the SaaS architecture.
  • [COMMAND_EXECUTION]: The skill contains instructions to use standard development CLI tools for project setup and database management. Commands include 'npm install', 'npx create-next-app', and 'npx drizzle-kit push'. These are legitimate development operations and do not show signs of malicious intent.
  • [DATA_EXFILTRATION]: The skill's code snippets perform network operations to domains provided in the request body, which could lead to SSRF. Code in references/AI-INTEGRATION.md uses axios.get(imageUrl) and fetch(imageUrl) to download images from user-supplied URLs. The pattern lacks URL validation or an allow-list, which is a common security oversight in image processing pipelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 02:12 PM