vercel-react-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The content is strictly instructional regarding software performance.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were detected. Use of localStorage is confined to theme and configuration management as per standard web practices.
  • Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were identified. All content is in plain markdown and standard code examples.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references well-known and reputable packages like swr, lru-cache, and better-all (authored by known Vercel engineers). No piped remote execution or dangerous download patterns were found.
  • Privilege Escalation & Persistence (SAFE): No commands involving sudo, system service modifications, or shell profile alterations were detected.
  • Indirect Prompt Injection (SAFE): While the skill is intended to process user code, it provides static guidelines rather than dynamic execution surfaces. The guidance provided (e.g., authenticating Server Actions) actually improves the security posture of the code being reviewed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM