next-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- Official Tooling and Integration: The skill references official Next.js tools such as @next/codemod and @next/third-parties. These are provided by the framework maintainers to assist with migrations and common integrations, ensuring alignment with security best practices.
- Safe Data Handling Patterns: It provides guidance on handling asynchronous request data using built-in Next.js APIs. The examples demonstrate secure patterns for data fetching in Server Components and mutations via Server Actions, which help maintain clear security boundaries.
- Environment and Runtime Guidance: The documentation offers clear advice on selecting appropriate runtimes and managing environment variables, emphasizing the proper handling of server-side secrets versus public configuration.
- Third-Party Resource Management: The skill describes the use of next/script and next/image to optimize the loading of external scripts and remote images. It correctly highlights the need for explicit domain configuration in next.config.js to mitigate risks from untrusted remote content.
- Development and Debugging Utilities: Reference is made to the Next.js Model Context Protocol (MCP) endpoint and experimental build flags. These are documented development features designed to improve the developer experience and troubleshooting within local environments.
Audit Metadata