vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Category 1: Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety guidelines, or extract system prompts. The content is strictly technical documentation.
- Category 2: Data Exposure & Exfiltration (SAFE): Mentions of data storage (cookies and localStorage) are framed within performance contexts. The skill explicitly warns against accidentally storing sensitive data (tokens/PII) in the rule 'client-localstorage-schema.md'.
- Category 4: Unverifiable Dependencies & RCE (SAFE): The skill references standard, reputable packages in the React ecosystem such as 'swr', 'zod', 'lru-cache', and 'better-all'. No suspicious remote script execution patterns were detected.
- Category 8: Indirect Prompt Injection (SAFE): This skill provides static guidance for code authoring. It does not ingest untrusted runtime data that could be used to manipulate agent instructions.
- Category 10: Dynamic Execution (SAFE): Standard React patterns like dynamic imports and 'dangerouslySetInnerHTML' are used for documented performance optimizations (e.g., code splitting and preventing hydration flicker) and do not incorporate untrusted external input.