vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security threats were identified. The skill content is purely instructional documentation focused on web performance optimization.- [SAFE]: The skill metadata lists 'vercel' as the author while the actual provider is 'fimoklei'. This is interpreted as a legitimate source attribution for the documented best practices rather than a deceptive impersonation attempt.- [PROMPT_INJECTION]: The skill serves as a comprehensive instruction set designed to influence the agent's code generation behavior. This constitutes a surface for indirect prompt injection.
- Ingestion points: Technical rules and best practices are ingested from
AGENTS.mdand the markdown files within therules/directory. - Boundary markers: Absent. The skill does not provide specific delimiters to isolate its instructions from other contextual data.
- Capability inventory: The instructions guide the agent in performing code refactoring and generation, which involve file system operations (write) and potential build process execution.
- Sanitization: While not directly performing data processing, the guidelines themselves promote security best practices such as input validation via Zod and manual authorization checks in server actions.
Audit Metadata