vercel-react-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core function is to process untrusted source code for optimization and refactoring, creating a significant vulnerability surface for indirect injection attacks.\n
- Ingestion points: React components, Next.js pages, and logic provided by users for performance review or modification.\n
- Boundary markers: Absent; the skill does not provide instructions to the agent to distinguish between target code and embedded natural language commands.\n
- Capability inventory: The skill enables high-impact capabilities including source code modification and logic generation (Write/Execute tier).\n
- Sanitization: No logic or instructions are present to sanitize, escape, or filter natural language content from the code being processed.\n- External Downloads (LOW): The skill recommends and provides implementation examples for several external Node.js packages.\n
- Evidence: Rule files like rules/client-swr-dedup.md, rules/server-cache-lru.md, and rules/rendering-svg-precision.md reference packages like 'swr', 'lru-cache', 'better-all', and 'svgo'.\n
- Trust Scope: These are industry-standard libraries and the skill author (vercel) is a trusted entity, downgrading the severity of these references to LOW per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata