Skills

nextjs

Installation
SKILL.md

Next.js Code Review Rules

Security (Critical)

  • Server Actions must validate and sanitize all input
  • No secrets exposed in client components
  • Check headers() and cookies() usage is server-side only
  • Sanitize all dynamic values (file names, HTTP headers) to prevent injection attacks
  • Never use HTML comments (<!-- -->) in production code
  • Validate and escape all user-provided content before rendering

App Router Structure

  • Verify app/ directory structure follows conventions (page.tsx, layout.tsx, loading.tsx, error.tsx)
  • Check use client directive is only used when necessary (event handlers, hooks, browser APIs)
  • Server Components should not import client-only libraries (useState, useEffect, etc.)
  • Implement error boundaries with error.tsx for error handling
  • Use error boundaries to catch and handle errors in Server Components
  • Provide fallback UIs for errors with proper error messages
Installs
1
Repository
yldgio/anomalyco
First Seen
Mar 30, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
nextjs — yldgio/anomalyco