build-tinacms-nextjs

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions frequently use pnpm dlx (and npx) to run initialization and audit tools from @tinacms/cli and create-next-app.
      • These downloads target the official npm registry for well-known development tools.
      • Documentation references dependencies from established technology providers including Vercel, Clerk, Upstash, and MongoDB.
  • [COMMAND_EXECUTION]: The skill includes two shell scripts used for project diagnostics.
      • scripts/check-tina-env.sh: Performs read-only inspection of environment variables and configuration files to determine the project's backend configuration. It correctly identifies the presence of secrets without printing their values.
      • scripts/check-tina-versions.sh: Uses Node.js to parse package.json and check for matching versions of TinaCMS and Next.js.
      • The instructions guide the agent to execute standard build and development commands (tinacms dev, tinacms build, tinacms audit).
  • [SAFE]: The skill demonstrates a strong security posture by including explicit instructions for:
      • Hashing passwords using bcrypt for self-hosted user management.
      • Storing secrets in .env files and ensuring they are listed in .gitignore.
      • Implementing secure webhook handlers with authorization checks and fail-closed logic.
      • Using read-only tokens for client-side queries.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:49 PM