hunt-nextjs

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Employs standard CLI tools such as curl, grep, and python3 to perform reconnaissance and vulnerability testing on a user-provided target.
  • [REMOTE_CODE_EXECUTION]: Evaluated the automated finding regarding piped Python execution. The skill uses python3 -c with static inline strings to parse HTML content fetched from the target. This does not constitute execution of untrusted remote code, because the logic being executed is a hardcoded part of the skill, not data retrieved from the network.
  • [EXTERNAL_DOWNLOADS]: Fetches data and metadata from the target URL defined in the $TARGET variable to identify exposure of sensitive files like source maps or environment variables.
  • [SAFE]: The skill functions as a security auditing tool. Its operations are consistent with its stated purpose, and it does not attempt to exfiltrate credentials, persist on the system, or override agent safety protocols.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 04:05 PM