next-upgrade
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution & External Downloads (MEDIUM): The skill utilizes `npx @next/codemod@latest` to fetch and execute transformation scripts directly from the npm registry. While this is the official method for Next.js migrations, executing code from a public registry at runtime carries inherent risk of supply chain attacks.
- Command Execution (LOW): The skill executes multiple shell commands including `npm install`, `npm run build`, and `npm run dev`. These operations modify the project environment and execute local scripts based on the state of the codebase.
- Indirect Prompt Injection (LOW): The skill exhibits an indirect prompt injection surface by fetching external documentation from `nextjs.org` to determine migration steps.
  - Ingestion points: Instructions 2 and 3 involve fetching data from external URLs via WebFetch.
  - Boundary markers: Absent. There are no instructions to ignore embedded commands or malicious patterns in the fetched text.
  - Capability inventory: The skill has the ability to run shell commands (`npx`, `npm`), install packages, and execute build/dev scripts.
  - Sanitization: Absent. The agent is expected to interpret the documentation and apply it directly to the command line without validation filters.
- Unverifiable Dependencies (MEDIUM): The skill explicitly instructs to install `latest` versions of several packages (`next`, `react`, `react-dom`). Using unpinned versions can lead to non-deterministic environments and potential exposure to malicious package releases.