accelint-react-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill contains three shell scripts (scripts/check-imports.sh, scripts/find-forwardref.sh, and scripts/detect-static-jsx.sh) designed to automate code reviews.
      • Evidence: The scripts use standard system utilities like grep to scan local directories for specific code patterns (e.g., default imports or deprecated React APIs).
      • Context: These are intended for local static analysis of a codebase and do not execute arbitrary code from the internet.
  • [EXTERNAL_DOWNLOADS] (SAFE): The README.md and references/ files contain links to external resources and standard tools.
      • Evidence: References include vercel-labs/agent-skills (a trusted source), react.dev, and suggestions to use npx svgo for SVG optimization.
      • Context: These are standard documentation links and tool recommendations for developers.
  • [DATA_EXFILTRATION] (SAFE): No network-capable commands (e.g., curl, wget) or patterns that transmit data were found.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a code-auditing tool, the skill has a surface for indirect prompt injection if it processes maliciously crafted source code.
      • Ingestion points: Shell scripts read content from user-provided directories.
      • Boundary markers: None present in the shell scripts.
      • Capability inventory: Local file read and stdout printing.
      • Sanitization: Scripts use basic grep patterns; results are interpreted by the agent.
  • [CODE_QUALITY] (INFO): Some recommended patterns (e.g., prevent-hydration-mismatch.md) suggest the use of dangerouslySetInnerHTML. While this is a standard React pattern for syncing state before hydration, it should be used with caution in production to avoid XSS if the inputs are untrusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:22 PM