The Agent Skills Directory

[SAFE] (SAFE): The skill contains a set of 57 technical optimization rules for React development. All code examples are standard patterns for performance improvement and do not contain hidden malicious logic.
[EXTERNAL_DOWNLOADS] (LOW): The guide references several legitimate third-party libraries including swr, better-all, lru-cache, and lucide-react. Per the [TRUST-SCOPE-RULE], these are downgraded to LOW/INFO as they are standard industry packages and many are associated with the trusted Vercel organization.
[CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys or secrets were detected. Placeholder values like /api/users and db.user.delete are used correctly for documentation purposes.
[DATA_EXFILTRATION] (SAFE): No patterns for exfiltrating sensitive data were found. Rule client-localstorage-schema.md actively warns against storing sensitive data (PII/tokens) in client-side storage.
[PROMPT_INJECTION] (SAFE): No attempts to override agent behavior, extract system prompts, or bypass safety guidelines were detected in the markdown or metadata.
[DYNAMIC_EXECUTION] (SAFE): The use of dangerouslySetInnerHTML in rules/rendering-hydration-no-flicker.md is for a documented and legitimate purpose: injecting a small, synchronous script to set a theme class before React hydration to prevent layout flickering.
[COMMAND_EXECUTION] (SAFE): The README mentions standard development commands like pnpm build and pnpm install, but the skill itself does not attempt to execute arbitrary or dangerous commands on the host system.

vercel-react-best-practices