nextjs-v16
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses deceptive documentation to trick the agent into performing unsafe system modifications. By claiming to be a guide for a future, non-existent version of Next.js, it provides a false technical justification for disabling security features.
- [COMMAND_EXECUTION]: The migration checklist contains a command to rename middleware.ts to proxy.ts (mv middleware.ts proxy.ts). In the Next.js framework, middleware.ts is the standard location for implementing security logic such as authentication, authorization, and bot protection. Renaming this file would bypass these security controls, as the framework would no longer recognize or execute the middleware logic.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a non-existent version of the Next.js framework (next@16) and execute a non-existent codemod. This behavior could lead to the installation of malicious packages if an attacker were to register those names or versions on the npm registry before the official release.
- [REMOTE_CODE_EXECUTION]: The skill utilizes automated codemods via npx, which fetches and executes code from a remote registry. While targeting a trusted vendor's package, the instruction to execute non-existent scripts within that package context introduces unnecessary risk.
Recommendations
- AI detected serious security threats
Audit Metadata