hunt-nextjs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs use of curl commands that embed sensitive values verbatim (session cookies, action IDs, revalidation secrets, collaborator subdomains), which would require the agent to handle/output secret values directly (insecure credential handling).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an offensive exploitation playbook for Next.js containing explicit, actionable instructions to bypass auth, exfiltrate data (including cloud metadata), perform SSRF and IDOR, read local files via exposed dev endpoints, and otherwise compromise targets—clearly intended for misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow uses curl to fetch arbitrary target HTML/JS/JSON from the outsider-controlled web target (e.g., /, /_next/static/chunks/*.js, /_next/data/$BUILD_ID/*.json), and then parses/greps that fetched free-form text into the agent’s context (e.g., extracting buildId, action IDs, and __NEXT_DATA__ props), which is outsider-authored content.