Trust Assessment
next-upgrade received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `npx` arguments, Potential Command Injection via `npm run` scripts, Unpinned dependencies using `@latest` tag.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit 038954e0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `npx` arguments The skill instructs the agent to execute `npx @next/codemod@latest <transform> <path>`. If the `<transform>` or `<path>` arguments are derived from untrusted input (e.g., user input, or values read from a potentially malicious project file), an attacker could inject arbitrary shell commands. This could lead to remote code execution on the host system. Ensure all arguments passed to `npx` are strictly validated and sanitized. If dynamic values are necessary, use a safe execution mechanism that prevents shell injection, or hardcode allowed values. | Unknown | SKILL.md:23 | |
| HIGH | Potential Command Injection via `npm run` scripts The skill instructs the agent to execute `npm run build` and `npm run dev`. These commands execute scripts defined in the project's `package.json`. If the `package.json` of the target project is malicious or has been tampered with, these commands could execute arbitrary code on the host system. This is a significant risk when operating on untrusted repositories or user-provided projects. When executing `npm run` on untrusted projects, consider running in a sandboxed environment with strict resource and network isolation. If possible, analyze the `package.json` scripts for suspicious commands before execution. | Unknown | SKILL.md:45 | |
| INFO | Unpinned dependencies using `@latest` tag The skill instructs to install dependencies using the `@latest` tag (e.g., `npm install next@latest`). While this is often the explicit goal of an 'upgrade' skill, it introduces a supply chain risk. The skill's behavior is dependent on the latest published version of these packages, which could change unexpectedly or introduce vulnerabilities if a malicious or buggy version is published. This lack of version pinning makes the skill's execution non-deterministic. For critical applications, consider pinning specific versions or using a lockfile to ensure deterministic builds. For an upgrade skill, this might be an acceptable trade-off, but the user should be aware of the implications of installing the absolute latest version without prior review. | Unknown | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/6428bef1d6b308d0)
Powered by SkillShield