vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill is intended to evaluate and refactor external React and Next.js code, which creates a surface for indirect prompt injection if the processed code contains malicious instructions.
  - Ingestion points: SKILL.md indicates the skill triggers on tasks involving user-supplied React components, Next.js pages, and PR descriptions.
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are defined in the file to isolate user code from the skill's logic.
  - Capability inventory: The skill provides logic and reasoning guidelines; no executable scripts, system calls, file-write operations, or network calls are present in the provided file.
  - Sanitization: No sanitization or filtering of external code content is defined.
- Trusted Source (INFO): The skill's metadata identifies the author as 'vercel', which is a recognized trusted organization. This confirms the legitimacy of the guidance content.
Audit Metadata