nextjs-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No security issues were detected in the skill's code or instructions. The provided snippets follow security best practices, such as keeping sensitive access tokens on the server side and using environment variables.
  • [PROMPT_INJECTION]: The skill directs the agent to fetch documentation from external websites (nextjs.org and catalyst.dev) and perform web searches. This introduces a surface for indirect prompt injection where instructions embedded in external content could potentially influence the agent's behavior. However, since these sources are well-known and reputable services, the risk is negligible.
  • Ingestion points: SKILL.md (Before writing code section).
  • Boundary markers: Absent.
  • Capability inventory: Read, Write, Edit, Bash, Grep, Glob, WebSearch, WebFetch.
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:33 AM
Security Audit — agent-trust-hub — nextjs-patterns