nextjs-developer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for handling untrusted data that represent an indirect prompt injection surface.\n
- Ingestion points: Untrusted data enters the application via
formDatainreferences/server-actions.mdand through dynamic route parameters (params) inreferences/app-router.md.\n - Boundary markers: No specific boundary markers or instructions to ignore embedded prompts are provided in the code templates.\n
- Capability inventory: The provided examples include file system writes (
fs/promises.writeFileinreferences/server-actions.md) and database mutations (prisma.db.post.createinreferences/server-actions.md).\n - Sanitization: While some examples utilize
zodfor basic type validation, others lack sanitization, specifically for filenames in file operations.\n- [COMMAND_EXECUTION]: A code example inreferences/server-actions.mddemonstrates an insecure file upload implementation.\n - Evidence: The
uploadAvatarfunction usesfile.namedirectly withinpath.join(process.cwd(), 'public', 'uploads', file.name). This allows for a path traversal attack where an attacker could overwrite sensitive files outside the intended directory by providing a manipulated filename (e.g.,../../target-file).\n- [EXTERNAL_DOWNLOADS]: The skill references and installs dependencies from well-known technology services.\n - Evidence: Mentions of
npm install -g vercel,@sentry/nextjs, and@vercel/analyticsare standard for Next.js development and originate from established vendors.\n- [SAFE]: The core workflow and architectural constraints defined inSKILL.mdalign with current industry best practices for Next.js 14, including the use of Server Components by default and proper environment variable management.
Audit Metadata