react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from a user's codebase.
- Ingestion points: React components, Next.js pages, and data fetching logic provided by the user for review or refactoring (as stated in SKILL.md).
- Boundary markers: Absent. The skill does not provide instructions for the agent to use delimiters or safety headers when reading external code.
- Capability inventory: The agent is expected to perform refactoring and code generation tasks based on the provided rules.
- Sanitization: Absent. There is no evidence of input sanitization or validation of the user-provided code before processing.
- [EXTERNAL_DOWNLOADS]: The skill references several external libraries and resources, including well-known packages such as SWR, better-all, and lru-cache. These references are provided in the context of official documentation and performance examples and target established repositories and domains.
Audit Metadata