Trust Assessment
next-upgrade received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `npx` arguments, Potential Command Injection via `npm run` scripts, Unpinned dependencies using `@latest` tag.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit 038954e0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `npx` arguments The skill instructs the agent to execute `npx @next/codemod@latest <transform> <path>`. If the `<transform>` or `<path>` arguments are derived from untrusted input (e.g., user input, or values read from a potentially malicious project file), an attacker could inject arbitrary shell commands. This could lead to remote code execution on the host system. Ensure all arguments passed to `npx` are strictly validated and sanitized. If dynamic values are necessary, use a safe execution mechanism that prevents shell injection, or hardcode allowed values. | LLM | SKILL.md:23 | |
| HIGH | Potential Command Injection via `npm run` scripts The skill instructs the agent to execute `npm run build` and `npm run dev`. These commands execute scripts defined in the project's `package.json`. If the `package.json` of the target project is malicious or has been tampered with, these commands could execute arbitrary code on the host system. This is a significant risk when operating on untrusted repositories or user-provided projects. When executing `npm run` on untrusted projects, consider running in a sandboxed environment with strict resource and network isolation. If possible, analyze the `package.json` scripts for suspicious commands before execution. | LLM | SKILL.md:45 | |
| INFO | Unpinned dependencies using `@latest` tag The skill instructs to install dependencies using the `@latest` tag (e.g., `npm install next@latest`). While this is often the explicit goal of an 'upgrade' skill, it introduces a supply chain risk. The skill's behavior is dependent on the latest published version of these packages, which could change unexpectedly or introduce vulnerabilities if a malicious or buggy version is published. This lack of version pinning makes the skill's execution non-deterministic. For critical applications, consider pinning specific versions or using a lockfile to ensure deterministic builds. For an upgrade skill, this might be an acceptable trade-off, but the user should be aware of the implications of installing the absolute latest version without prior review. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/6428bef1d6b308d0)
Powered by SkillShield