nextjs-react-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted external project files using Read, Glob, and Grep tools. Because the agent also has access to Bash, Write, and Edit tools, it is vulnerable to instructions embedded in the analyzed code that could trigger malicious side effects.
  1. Ingestion points: Project files located at <project_path>.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit, Glob, Grep, Read.
  4. Sanitization: Absent.
- [Command Execution] (HIGH): The skill explicitly instructs the agent to execute a local file 'scripts/react_performance_checker.py' via the Bash tool. Running unverified scripts with shell access presents a critical risk of arbitrary code execution.
- [Metadata Poisoning] (MEDIUM): The skill metadata claims to be authored by 'Vercel Engineering'. This claim is currently unverified as no trusted source URL was provided. Such claims can be used to deceptively influence the agent's or user's trust in the skill's safety.
Recommendations
- AI detected serious security threats
Audit Metadata