nextstep-tours
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to download and install the 'nextstepjs' and 'motion' packages from standard package registries.
- [COMMAND_EXECUTION]: Provides example commands for installing project dependencies using package managers like npm, pnpm, yarn, and bun.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection via the tutorial validation pattern which processes untrusted data.
  - Ingestion points: Untrusted data enters the agent context through local API responses (e.g., '/api/projects') and browser 'localStorage' values.
  - Boundary markers: No explicit delimiters or boundary markers are used to separate tutorial instructions from the processed data.
  - Capability inventory: The skill exhibits capabilities for client-side navigation and UI state management.
  - Sanitization: Validation logic includes basic checks for array length and string presence, but no content-level sanitization.
Audit Metadata