inject-nextjs-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly runs "npx @next/codemod@canary agents-md" which "auto-detects the Next.js version and downloads matching documentation" from Vercel's servers and injects that public third-party documentation into CLAUDE.md/AGENTS.md (see SKILL.md "The codemod auto-detects...downloads matching documentation" and "Requires network: The codemod downloads documentation from Vercel's servers"), meaning the agent will ingest and rely on externally sourced web content that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the external codemod at runtime via "npx @next/codemod@canary", which fetches and executes remote code and downloads documentation from Vercel's servers to inject into CLAUDE.md/AGENTS.md (thereby executing remote code and supplying content that directly controls agent prompts).