react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The file `references/rules/download_rules.sh` contains a script designed to fetch documentation rules from a remote GitHub repository.
  - Evidence: Multiple instances of `curl -s "$BASE_URL/..." > ...` in the script.
  - Mitigation: The source organization `vercel-labs` is on the Trusted GitHub Organizations list, which downgrades the download finding to LOW per [TRUST-SCOPE-RULE].
- [Dynamic Execution] (INFO): The performance rule `rendering-hydration-no-flicker.md` demonstrates the use of `dangerouslySetInnerHTML` to prevent UI flickering.
  - Evidence: Example code snippet in `rendering-hydration-no-flicker.md` using `dangerouslySetInnerHTML={{ __html: ... }}`.
  - Note: This is a standard architectural pattern for Next.js theme management and is presented for educational purposes.
- [Indirect Prompt Injection] (LOW): The skill provides instructions for the agent to review and optimize external React code, creating an inherent ingestion surface for untrusted data.
  - Evidence: `SKILL.md` defines use cases such as 'Reviewing code for performance improvements' and 'Refactoring existing components'.
  - Mandatory Evidence Chain:
    1. Ingestion: Reading user-provided React/Next.js code files.
    2. Boundaries: No explicit boundary delimiters defined for code review tasks.
    3. Capability Inventory: Code reasoning and refactoring advice; shell execution via the download script.
    4. Sanitization: Not applicable to diagnostic/advice output.
  - Severity: This is a Tier 3 (LOW) risk as the skill primarily influences agent reasoning rather than executing high-privilege side effects.
Audit Metadata