vercel-composition-patterns
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill metadata in SKILL.md and metadata.json falsely identifies the author as 'vercel'. This is deceptive because the actual author is 'lingxling'. Impersonating a trusted vendor can mislead users into assuming higher safety and quality standards than are verified for the actual author.
- [NO_CODE]: The skill consists exclusively of documentation and code examples in Markdown format, with no executable scripts, binaries, or automated tools.
- [SAFE]: The technical content and external links to react.dev are legitimate and relate to standard React development practices, with no malicious code or instructions detected.
Audit Metadata