cra-to-next-migration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [No Issues Detected] (SAFE): A thorough review of all 148 files in the skill revealed no security vulnerabilities. The content consists of markdown files providing technical guidance for migrating web applications.
- [Command Execution] (SAFE): The skill contains numerous examples of shell commands such as `npm install`, `next build`, and `vercel deploy`. These are standard development commands and target well-known, trusted tools and package registries (npm).
- [Data Exposure] (SAFE): While some files mention sensitive environment variables (e.g., `DATABASE_URL`, `STRIPE_SECRET_KEY`), these are used as generic examples in educational snippets and do not contain real credentials.
- [Dynamic Execution] (SAFE): Usage of `dangerouslySetInnerHTML` in SEO (JSON-LD) and theming (dark mode flash prevention) contexts follows documented best practices for those specific use cases.
- [Indirect Prompt Injection] (LOW): As a set of migration rules, the skill involves processing user-provided code. While this presents a surface for indirect prompt injection if the processed code contains malicious instructions, the skill itself does not facilitate this beyond its intended purpose of code transformation.
Audit Metadata