Skills
skills/vercel/nextjs-skills/next-upgrade/Gen Agent Trust Hub

next-upgrade

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (LOW): The skill executes npx @next/codemod@latest, which downloads and runs code at runtime. This targets official Vercel/Next.js tools, which are considered trusted.
  • PROMPT_INJECTION (LOW): The skill processes untrusted web content from nextjs.org to determine upgrade steps, creating an indirect prompt injection surface. 1. Ingestion points: https://nextjs.org/docs/app/guides/upgrading/ documentation URLs. 2. Boundary markers: Absent. 3. Capability inventory: npm install, npx, and npm run build. 4. Sanitization: Absent.
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches content from nextjs.org, an official and trusted source for this task.
  • COMMAND_EXECUTION (LOW): The skill runs shell commands for installing dependencies and verifying builds, which is necessary for its stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:19 PM