web-frameworks
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill references the use of npx to execute create-next-app and create-turbo. While these originate from Vercel (a trusted source), the instructions also point to local scripts (nextjs-init.py and turborepo-migrate.py) whose content was not provided for auditing.
- [Indirect Prompt Injection] (INFO): An indirect prompt injection surface exists in the data fetching example. (1) Ingestion: The fetch API is used to retrieve external data in app/posts/[slug]/page.tsx. (2) Boundary: No delimiters or explicit instructions to ignore embedded commands are present. (3) Capability: The data is rendered directly into the JSX output. (4) Sanitization: No sanitization or validation of the retrieved content is shown. This is rated as INFO because the capability is limited to display only.
Audit Metadata