vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to have an AI agent process and refactor untrusted source code provided by users.
- Ingestion points: React and Next.js source code snippets and files provided by the user during development or review tasks.
- Boundary markers: The skill does not provide instructions for the agent to use delimiters or to disregard instructions that might be embedded within the code being analyzed.
- Capability inventory: An agent using this skill (specialist role) typically has capabilities for file system access and executing development tools.
- Sanitization: There is no requirement for the agent to sanitize or validate the user-provided code before processing it according to the performance rules.
- [EXTERNAL_DOWNLOADS]: The skill's documentation references and recommends several external libraries, including 'swr', 'lru-cache', 'better-all', and 'lucide-react'. These are well-known, high-quality packages originating from trusted organizations (such as Vercel) or reputable maintainers. Their inclusion in the optimization guide is appropriate and does not represent a security risk.
- [PROMPT_INJECTION]: A metadata discrepancy exists where the skill frontmatter identifies the author as 'vercel', while the uploader context is 'baotoq'. This is interpreted as a citation of the source material's origin rather than a malicious attempt at impersonation, though it is technically a form of metadata inconsistency.
Audit Metadata