nextjs-fullstack-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill references and executes several shell scripts (e.g.,
scripts/init.sh,scripts/db-migrate.sh,scripts/db-reset.sh) whose contents are not provided for analysis. Executing opaque local scripts can lead to arbitrary code execution if those files are modified. - [Indirect Prompt Injection] (HIGH): This skill demonstrates a high-risk capability tier by ingesting untrusted data (external templates and scripts) and possessing write/execute capabilities.
- Ingestion points: Template files located in
templates/and script files inscripts/are copied and executed. - Boundary markers: Absent. The agent is instructed to copy and run these files without verification.
- Capability inventory: Extensive subprocess execution including
bun create,bun add,docker compose, andbashscript execution. - Sanitization: Absent. There is no validation or escaping of the content within the template files before they are written to the filesystem or executed.
- [Command Execution] (LOW): The skill makes extensive use of system commands like
docker compose,mkdir,cp, andopenssl. While appropriate for a setup tool, these commands operate with the privileges of the executing user.
Recommendations
- AI detected serious security threats
Audit Metadata