Well it's a next.js app that's not vulnerable to react2shell, that's at least something they've done right haha