nextjs
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes instructions to run local Python scripts (validate_env.py, scan_exposed.py, sync_secrets.py) which are intended to automate the validation of environment variables and synchronization with external platforms like Vercel.
- [CREDENTIALS_UNSAFE]: The guide contains examples of environment variable keys such as JWT_SECRET, DATABASE_URL, and STRIPE_SECRET_KEY. These are populated with educational placeholders (e.g., your-jwt-secret) rather than real credentials, and the content explicitly provides security warnings against committing secrets to version control or exposing them via the NEXT_PUBLIC_ prefix.
Audit Metadata