vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [TRUSTED SOURCE] (INFO): The skill is authored by 'vercel' and hosted at 'vercel-labs/agent-skills', which is a recognized trusted repository. This status indicates a high level of initial trust for the provided documentation and architectural patterns.
- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to override agent safety filters or ignore system prompts. The content is strictly technical and instructional.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, API keys, or suspicious network calls were detected. References to 'localStorage' and 'cookies' are within the context of standard web development practices (e.g., theme management).
- [REMOTE_CODE_EXECUTION] (SAFE): No remote scripts are downloaded or executed. The skill suggests using 'npx svgo' for local SVG optimization, which is a standard developer tool.
- [OBFUSCATION] (SAFE): All content is in plain-text markdown and standard TypeScript/JavaScript. No hidden Unicode tags, Base64 encoding, or homoglyph attacks were identified.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill functions as a static knowledge base. While it influences how an agent writes code, it does not ingest untrusted runtime data that could lead to indirect injection. The examples provided are hardcoded and benign.
Audit Metadata