vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Trusted Source (SAFE): The skill is authored by 'vercel', which is a listed trusted organization. The contents align with official Vercel engineering documentation and industry-standard best practices.
- Data Privacy & Handling (SAFE): Rules regarding `localStorage` and `cookies` (e.g., `client-localstorage-schema.md`, `js-cache-storage.md`) focus on performance caching and schema versioning. No exfiltration patterns to non-whitelisted domains were found.
- Dependency Analysis (SAFE): External dependencies mentioned, such as `swr`, `lru-cache`, `better-all`, and `lucide-react`, are standard, reputable packages within the React ecosystem. Use of these follows the [TRUST-SCOPE-RULE].
- Security Posture (SAFE): The skill includes explicit security guidelines, notably `server-auth-actions.md`, which instructs developers to treat Server Actions as public endpoints and enforce server-side authentication, preventing privilege escalation vulnerabilities in user applications.
- Script Injection (SAFE): The use of `dangerouslySetInnerHTML` in `rendering-hydration-no-flicker.md` is a documented and standard technique for preventing CSS/Theme flickering in Next.js applications and does not involve untrusted user input.
- Indirect Prompt Injection (LOW): While the skill processes user code (an untrusted ingestion surface), it provides static guidelines and doesn't possess capabilities to execute or write files outside of its intended scope of providing advice.
Audit Metadata