nextjs
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- Standard Development Tooling: The skill utilizes official Next.js and Vercel CLI tools, such as `npx create-next-app` and `pnpm next upgrade`, to facilitate project setup and version management. These tools are used according to standard development practices for the framework.
- Security Advisory Awareness: A significant portion of the skill is dedicated to informing users about critical security vulnerabilities (e.g., CVE-2025-66478 and CVE-2025-55182). It provides clear instructions on patching these issues by upgrading dependencies, which is a proactive security feature.
- Secure Architecture Recommendations: The guidance promotes secure coding patterns, such as using lazy initialization for database clients to avoid build-time environment variable leakage and recommending against the use of middleware as the sole authorization layer (mitigating CVE-2025-29927).
- Legacy Pattern Validation: The skill includes validation rules that detect legacy or deprecated Next.js patterns (like `getServerSideProps` or `next/router`) and suggests modern, more performant, and secure App Router alternatives.
Audit Metadata