nextjs-project-starter
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard project initialization commands, including 'npx create-next-app', 'npm install', 'gh repo create', and 'vercel link'. These operations are consistent with the skill's stated purpose of bootstrapping a web project.
- [EXTERNAL_DOWNLOADS]: The skill downloads standard software dependencies from the npm registry. It specifically references well-known libraries such as Mantine UI, Supabase, and Zustand. It also references official documentation from established providers (Next.js, Mantine, Supabase).
- [EXTERNAL_DOWNLOADS]: The skill utilizes external CLI tools (GitHub CLI and Vercel CLI) for project integration. These are standard developer tools for the target ecosystem.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. The skill follows security best practices by generating environment variable templates (.env.example) and instructing users to manage their own credentials locally.
Audit Metadata