vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected. The skill consists of markdown documentation and code examples for web development best practices.
- [Data Exposure & Exfiltration] (SAFE): No sensitive data, hardcoded credentials, or unauthorized network operations were found. References to standard web APIs (fetch, localStorage, cookies) are used appropriately within the context of the engineering examples.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Recommended packages such as 'swr', 'lru-cache', and 'better-all' are well-known, reputable libraries. No automated remote code execution patterns or suspicious download/pipe-to-shell commands were identified.
- [Obfuscation] (SAFE): The content is transparent and uses no encoding, zero-width characters, or homoglyphs to mask intent.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process user-provided code for refactoring, it does not introduce exploitable capability surfaces or lack boundary awareness beyond the inherent nature of LLM coding tasks.
Audit Metadata