nextjs-server-components

SUSPICIOUS: the RSC guidance itself is benign, but the mandatory use of external agent skills and MCP research tools makes the footprint broader than a simple documentation skill. Main concern is transitive trust and prompt-injection exposure, not confirmed malware or credential theft.