vercel-react-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM [NO_CODE] [SAFE]
Full Analysis
- [NO_CODE]: The skill consists entirely of 59 Markdown files including individual rule definitions and a compiled guide. No executable scripts, binaries, or configuration files are included in the package.
- [SAFE]: The instructional content contains no prompt injection, bypass instructions, or jailbreak attempts. All documentation focuses on legitimate performance optimizations.
- [SAFE]: Code examples within the documentation encourage secure coding practices, such as proper authentication for server actions and safe handling of client-side storage.
- [SAFE]: The skill has an indirect prompt injection surface as it provides instructions for an agent to process user-provided code. Evidence Chain:
  1. Ingestion points: User-supplied React components and Next.js pages.
  2. Boundary markers: Absent.
  3. Capability inventory: No technical capabilities found (documentation only).
  4. Sanitization: Absent.
- [SAFE]: Deceptive metadata is present. The skill's metadata and internal headers claim authorship by 'Vercel Engineering' and 'Vercel', while the actual author context provided is 'darraghh1'. This is assessed as a misleading metadata finding.
Audit Metadata