next16-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill uses authoritative 'Elite' framing and 'Mandatory' instructions to override the agent's knowledge of Next.js security and architectural patterns.
- Metadata Poisoning (HIGH): The skill's metadata hallucinates future version numbers (Next.js 16.1.1, React 19.2) to gain false credibility and facilitate the acceptance of unsafe instructions.
- Indirect Prompt Injection (HIGH): By acting as an untrusted instructional source that advocates for disabling real security controls (middleware.ts), the skill creates a high risk of downstream security bypasses in the applications the agent develops. [Ingestion points]: SKILL.md, references/proxy-deep-dive.md. [Capability inventory]: Generation of authentication, routing, and security logic. [Boundary markers]: None. [Sanitization]: None.
Recommendations
- AI detected serious security threats
Audit Metadata