vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The analysis of the skill across 58 files found no evidence of malicious patterns, prompt injection, or data exfiltration. The skill is entirely focused on providing educational content and best practices for React and Next.js performance.
- AUTHENTICATION BEST PRACTICES (INFO): The rule
server-auth-actions.mdcorrectly emphasizes the importance of verifying authentication and authorization inside Server Actions to prevent unauthorized access, which is a positive security pattern. - XSS EVALUATION (INFO): The rule
rendering-hydration-no-flicker.mdutilizesdangerouslySetInnerHTMLto inject a small, static JavaScript function for theme management. The script is benign, handles errors with a try-catch block, and does not process untrusted user input, posing no significant XSS risk in this context. - DEPENDENCY REVIEW (INFO): The skill references standard, well-maintained libraries such as
swr,lru-cache, andbetter-all. All external links point to reputable documentation sites (e.g., react.dev, nextjs.org, vercel.com).
Audit Metadata