vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious logic, hardcoded credentials, or exfiltration patterns were detected across the analyzed rule files and metadata.
- [Indirect Prompt Injection] (LOW): The skill is designed to audit and refactor user-provided React code. This creates a surface for indirect prompt injection if an attacker-controlled codebase contains instructions intended to mislead the agent. This risk is inherent to the code-auditing purpose and is not a malicious feature of the skill itself.
- [External Downloads] (LOW): The skill references standard industry packages such as swr, lru-cache, zod, and better-all. These are well-known utilities in the React/Vercel ecosystem and are considered trustworthy in this context.
- [Dynamic Execution] (LOW): The rule rendering-hydration-no-flicker demonstrates the use of dangerouslySetInnerHTML to inject a small, hardcoded script for theme management. This is a common performance optimization for SSR and does not involve the execution of arbitrary or untrusted code.
Audit Metadata