clerk-nextjs-patterns

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Flag: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection identified in the server action examples in references/server-actions.md and references/caching-auth.md.
  • Ingestion points: The skill's templates ingest untrusted user input via formData.get() (e.g. 'title', 'name') and from route parameters.
  • Boundary markers: The code snippets include no explicit boundary markers around this data, and no instruction to the agent that it is untrusted content that must not be interpreted as instructions.
  • Capability inventory: The patterns exercise database mutations (db.posts.create, db.projects.create, db.projects.delete) and cache revalidation (revalidatePath, revalidateTag).
  • Sanitization: The examples pass raw formData values straight to database query methods without showing any validation or sanitization step.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 03:45 PM