security-nextjs

Installation
SKILL.md

Security audit patterns for Next.js applications covering environment variable exposure, Server Actions, middleware auth, API routes, and App Router security.

Environment Variable Exposure

The NEXT_PUBLIC_ Footgun

NEXT_PUBLIC_* → Bundled into client JavaScript → Visible to everyone
No prefix     → Server-only → Safe for secrets
Installs
275
GitHub Stars
126
First Seen
Jan 24, 2026
security-nextjs — igorwarzocha/opencode-workflows