init-nextjs

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the create-next-app template and development dependencies from the npm registry. These are well-known and standard services in the web development ecosystem.
  • [COMMAND_EXECUTION]: Executes shell commands to initialize the project structure, install devDependencies, and configure git hooks via Husky. This is the intended behavior of the initialization skill.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface where a user-provided project name is interpolated into shell commands.
      • Ingestion points: The project name parameter in SKILL.md.
      • Boundary markers: None present.
      • Capability inventory: Shell command execution (npx, npm) and file system write operations.
      • Sanitization: No explicit sanitization or validation of the input name is performed within the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 03:06 PM