react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains instructional content for React best practices. No patterns were found that attempt to override the underlying AI agent's instructions or bypass safety filters.
- Data Exposure & Exfiltration (SAFE): There are no references to sensitive system files, hardcoded credentials, or unauthorized network operations. References to browser storage (localStorage, cookies) are strictly contained within educational code snippets illustrating best practices.
- Obfuscation (SAFE): All content is in plain text markdown and standard TypeScript/TSX. No hidden characters, Base64-encoded payloads, or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not automate the installation of third-party packages or execute remote scripts. A documentation example mentions using
npx svgofor SVG optimization, but this is presented as a manual step for developers, not a task for the agent to execute. - Persistence & Privilege Escalation (SAFE): The skill does not include any commands for system-level modifications, such as editing shell profiles, crontabs, or using sudo.
Audit Metadata