skills/wottpal/skills/jotai-nextjs/Gen Agent Trust Hub

jotai-nextjs

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill suggests using npm view to fetch package metadata, which is a read-only shell operation.
  • [EXTERNAL_DOWNLOADS] (LOW): It employs npx -y mcporter for querying library documentation, involving the download of an external package.
  • [REMOTE_CODE_EXECUTION] (LOW): The use of npx effectively executes remote package code; however, this is used for documentation retrieval and is downgraded due to its alignment with the skill's primary purpose.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external command outputs and documentation, creating a surface for indirect prompt injection.
      • Ingestion points: Outputs from npm and mcporter.
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution (npm, npx).
      • Sanitization: Absent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 05:28 AM