vercel-react-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected. The content is strictly instructional and follows a professional template for performance rules.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. Code examples use standard Web APIs such as localStorage and document.cookie for legitimate demonstration purposes.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references established and trusted packages including 'lru-cache', 'swr', 'lucide-react', and 'svgo'. It also mentions 'better-all', which is a known utility by a Vercel engineer, consistent with the skill's stated origin.
  • Dynamic Execution (SAFE): One rule ('rendering-hydration-no-flicker.md') demonstrates the use of 'dangerouslySetInnerHTML' to prevent hydration flicker. While this is a sensitive API, it is presented as a specific, isolated architectural pattern for syncing user preferences, which is a documented and standard practice for Next.js applications.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 01:23 PM