vercel-react-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a significant attack surface by design, as it involves an agent processing untrusted external code to perform refactoring and code generation.
  - Ingestion points: External React components and Next.js source code provided by users or fetched from repositories (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to distinguish between code-as-data and embedded instructions.
  - Capability inventory: Writing, reviewing, and refactoring React/Next.js code, which implies file-system write access or code modification capabilities for the agent using this skill (SKILL.md).
  - Sanitization: Absent; the skill does not define any validation or filtering for the code being processed.
- [METADATA_POISONING] (LOW): The skill claims to be maintained by 'Vercel Engineering' and uses high-impact 'CRITICAL' and 'HIGH' priority labels for its rules. While Vercel is a trusted entity, the lack of verifiable source links within this file for the 45 rules mentioned (referencing local 'rules/*.md' and 'AGENTS.md') means these claims cannot be statically verified.
- [PROMPT_INJECTION] (SAFE): No direct prompt injection patterns (overrides, bypasses, or 'Ignore previous instructions') were detected in the skill text.
Recommendations
- AI detected serious security threats