vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected. The skill was evaluated against all 10 threat categories including prompt injection, data exfiltration, and remote code execution.
- [PROMPT_INJECTION] (SAFE): The instructions provide legitimate behavioral guidelines for performance optimization. No attempts to bypass safety filters, extract system prompts, or override agent constraints were found.
- [DATA_EXPOSURE] (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations are present.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references local rule files (e.g., rules/async-parallel.md) but does not perform any remote downloads or package installations.
- [INDIRECT_PROMPT_INJECTION] (LOW): As a code-review skill, it is designed to ingest untrusted user code. While this creates a theoretical attack surface, the skill itself lacks the 'write' or 'execute' capabilities that would elevate this to a higher risk level, focusing instead on internal reasoning and display.
Audit Metadata