Skills
skills/alexander-danilenko/cortex-ai-skills/nextjs-developer/Gen Agent Trust Hub

nextjs-developer

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The server action example for file uploads in references/server-actions.md is vulnerable to path traversal. It uses file.name from untrusted input directly in path.join(process.cwd(), 'public', 'uploads', file.name) without any sanitization, which could allow a malicious actor to overwrite arbitrary files on the server.
  • [SAFE]: The deployment documentation in references/deployment.md follows security best practices by recommending the Authorization header for revalidation secrets instead of query parameters.
  • [SAFE]: The skill correctly identifies the risks of using dangerouslySetInnerHTML and recommends using sanitization libraries like DOMPurify.
  • [SAFE]: The skill references industry-standard and trusted tools from providers such as Vercel, Prisma, and Sentry.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 03:55 PM
Security Audit — agent-trust-hub — nextjs-developer