build-tinacms-nextjs
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install several packages including tinacms, @tinacms/cli, @tinacms/datalayer, next-auth, and various database adapters (upstash-redis-level, mongodb-level). These references are all directed toward the official TinaCMS ecosystem or well-known development services, qualifying them as safe references under project guidelines.
- [SAFE]: The included helper scripts (check-tina-env.sh and check-tina-versions.sh) perform read-only project inspections. They use controlled shell patterns and node execution to detect the project lane and package versions without logging or exfiltrating sensitive environment variable values.
- [SAFE]: The documentation provides robust security recommendations for self-hosting, such as mandatory bcrypt hashing for user passwords and instructions for managing secrets through environment variables rather than code commits.
Audit Metadata