vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to review, refactor, and generate code based on a set of rules. This creates a surface for indirect prompt injection, as malicious instructions could be embedded in the source code provided to the agent for review.
  - Ingestion points: React components and Next.js source code provided by users during tasks (SKILL.md).
  - Boundary markers: Absent. The instructions do not specify how to handle or ignore instructions embedded within the code being processed.
  - Capability inventory: The skill encourages the agent to perform automated code refactoring and generation (AGENTS.md).
  - Sanitization: No input sanitization or validation of the input code is specified.
Audit Metadata