vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No attempts to override system instructions or bypass safety filters were found. The content is strictly technical and instructional.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access, or suspicious network calls. The documentation specifically includes guidance on preventing the storage of sensitive data in localStorage.
- Obfuscation (SAFE): No Base64, zero-width characters, or other obfuscation techniques were identified in the analyzed files.
- Unverifiable Dependencies & RCE (SAFE): The skill mentions several standard industry libraries (SWR, Lucide, MUI, etc.) as part of its coding advice. It references 'better-all' from a GitHub user (shuding), which is a known project in the Vercel ecosystem, and does not involve automated execution.
- Indirect Prompt Injection (LOW): The skill is designed to analyze and refactor user-provided React/Next.js code, which is an inherent attack surface for indirect injection if the processed code is malicious.
  - Ingestion points: User-provided React components, Next.js pages, and API routes during code review or refactoring tasks.
  - Boundary markers: None explicitly defined in the skill's documentation.
  - Capability inventory: The agent using this skill typically possesses file-read and file-write capabilities for refactoring codebases.
  - Sanitization: Not applicable as the skill is static documentation for human/agent reference.
Audit Metadata