using-next-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes tools such as
upgrade_nextjs_16andnextjs_auto_fixto perform automated modifications to the project's source code and configuration. These actions involve executing codemods and package management commands (e.g., npm or yarn) to update dependencies and apply fixes. - [PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection (Category 8) due to its interaction with untrusted local data.
- Ingestion points: The agent reads project-level metadata from
package.json, analyzes local source code files for optimization, and retrieves runtime error logs or routing information from a local development server. - Capability inventory: The skill has extensive write capabilities, including the ability to insert "use cache" directives, set Suspense boundaries, and apply automated code fixes to the codebase.
- Boundary markers: There are no defined delimiters or specific instructions provided to the agent to treat data from the project files as untrusted or to ignore embedded instructions within those files.
- Sanitization: The instructions do not specify any validation or sanitization steps for the data ingested from the project environment before it influences the agent's code modification logic.
Audit Metadata