nextjs-route-scaffold
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads local files, specifically
package.jsonand existing route components likepage.tsx, to determine the project's Next.js version and coding style. This is a read-only operation necessary for the skill's primary function and is restricted to the local workspace. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests content from existing project files to inform its generation logic.
- Ingestion points:
package.json(Step 1d) and existing route files (Step 1b). - Boundary markers: Absent.
- Capability inventory: File system writes for Next.js boilerplate (Step 5).
- Sanitization: Absent, though the agent relies on pre-defined code templates.
Audit Metadata