vercel-react-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-severity attack surface because it is designed to ingest untrusted data (user-provided React code) and perform automated refactoring (file-write capabilities). 1. Ingestion points: Processes user-provided React components and Next.js page code via guidelines in rule files. 2. Boundary markers: Absent. No instructions were found to use delimiters or ignore embedded instructions in the processed code. 3. Capability inventory: Automated refactoring and code generation across the component tree. 4. Sanitization: Absent. No mention of sanitizing or validating external content before interpolation.
- [Unverifiable Dependencies] (LOW): The skill recommends several external Node.js packages for performance. Evidence: Rule files reference 'swr', 'lru-cache', 'better-all', and 'svgo'. Trust Status: These packages are common in the ecosystem and the author (Vercel) is a trusted organization, downgrading this finding to LOW per [TRUST-SCOPE-RULE].
- [Dynamic Execution] (LOW): Rule 'rendering-hydration-no-flicker.md' provides a template for injecting scripts into the DOM via 'dangerouslySetInnerHTML'. Evidence: The code example uses an IIFE to handle theme initialization from localStorage. While standard for this use case, it represents a pattern for script injection.
Recommendations
- AI detected serious security threats
Audit Metadata