Next.js Production Engineering

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Next.js production guide with no hidden code, but users should review its authentication and deployment examples before applying them.

Safe to install as a markdown guidance skill, but do not copy the middleware auth example unchanged. When using it for authentication, deployment, CI/CD, or audits, ask the agent for a plan first, constrain the target files/environments, and review generated code and commands before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium, 99% confidence

Finding
The middleware example is logically broken: `/` is listed as a public route, and every pathname starts with `/`, so the `publicRoutes.some(route => pathname.startsWith(route))` check matches every request and makes all routes effectively public. If copied into production, protected pages and APIs could bypass authentication entirely, leading to unauthorized access.

Vague Triggers

Medium, 92% confidence

Finding
The quick-start prompts are very broad and encourage the agent to perform high-impact engineering tasks like adding authentication, deploying with Docker, and auditing applications without any stated scope, guardrails, or confirmation requirements. In an agentic environment, such unconstrained triggers can cause overbroad code changes, insecure assumptions, or risky operational actions if the agent interprets them as permission to modify production-sensitive areas automatically.

VirusTotal

66/66 vendors flagged this skill as clean.