审计历史
next-js-16-launchpad - 6 审计
审计版本 6
最新 中风险Jun 28, 2026, 07:59 PM
Static analysis reported many command, network, environment, and sensitive-data patterns, but most are Markdown examples or public starter-code samples. No prompt injection, credential exfiltration, obfuscation, or confirmed malicious intent was found. The skill should publish with a medium warning because the included PowerShell bootstrap script and documented commands execute package-manager operations when users run them.
中风险问题 (2)
低风险问题 (5)
风险因素
⚙️ 外部命令 (4)
🌐 网络访问 (4)
检测到的模式
审计版本 5
安全Jan 16, 2026, 07:44 PM
All 849 static findings are false positives. The skill is a legitimate Next.js 16 documentation resource. External commands, network calls, and crypto references are all from markdown documentation showing code examples, not actual executable code with security implications.
审计版本 4
安全Jan 16, 2026, 07:44 PM
All 849 static findings are false positives. The skill is a legitimate Next.js 16 documentation resource. External commands, network calls, and crypto references are all from markdown documentation showing code examples, not actual executable code with security implications.
审计版本 3
低风险Jan 10, 2026, 11:58 AM
This skill contains documentation and reference code for Next.js 16 development. A PowerShell bootstrap script is included for project setup but only runs standard Node.js/npm commands. No malicious behavior, data exfiltration, or credential theft detected.
风险因素
⚡ 包含脚本 (1)
⚙️ 外部命令 (1)
审计版本 2
低风险Jan 10, 2026, 11:58 AM
This skill contains documentation and reference code for Next.js 16 development. A PowerShell bootstrap script is included for project setup but only runs standard Node.js/npm commands. No malicious behavior, data exfiltration, or credential theft detected.
风险因素
⚡ 包含脚本 (1)
⚙️ 外部命令 (1)
审计版本 1
低风险Jan 10, 2026, 11:58 AM
This skill contains documentation and reference code for Next.js 16 development. A PowerShell bootstrap script is included for project setup but only runs standard Node.js/npm commands. No malicious behavior, data exfiltration, or credential theft detected.