vercel-react-best-practices
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata in SKILL.md and AGENTS.md identifies the author as 'vercel' and 'Vercel Engineering,' which contradicts the system-provided author identity 'aaaaqwq.' This discrepancy constitutes metadata poisoning through impersonation of a trusted organization.\n- [PROMPT_INJECTION]: The skill's primary function involves reviewing and refactoring user-provided code, which creates a surface for indirect prompt injection attacks. If the agent processes untrusted code containing embedded instructions while applying these guidelines, it could be manipulated into performing unintended actions.\n
- Ingestion points: User-provided React and Next.js code snippets or project files for performance auditing and refactoring.\n
- Boundary markers: Absent; the skill does not define specific delimiters to separate user data from agent instructions.\n
- Capability inventory: The skill itself does not contain scripts with network or filesystem access, but the agent using it typically possesses these capabilities for code management tasks.\n
- Sanitization: No mechanisms are described for sanitizing or validating input code before processing.
Audit Metadata