vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains performance guidelines for AI agents to follow. These instructions are legitimate and do not attempt to bypass safety filters or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations were found. The skill does not access or transmit any user data.
- [Obfuscation] (SAFE): All markdown and TypeScript files are written in clear text without any Base64, zero-width characters, or other encoding techniques intended to hide malicious content.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The package.json specifies standard development dependencies (typescript, tsx). There are no patterns involving downloading and piping remote scripts into a shell.
- [Dynamic Execution] (SAFE): The project uses tsx to run local build and validation scripts. This is a standard development workflow and does not involve executing untrusted or dynamically generated code from external sources.
Audit Metadata