vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill consists entirely of technical documentation and best practices in Markdown format. No executable scripts were provided in the file list, and the content is strictly educational.
- PROMPT_INJECTION (SAFE): No patterns of prompt injection, role-play overrides, or system prompt extraction attempts were found. The instructional language is natural and focused on performance guidelines.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded API keys, tokens, or secrets were detected. Examples use generic placeholders or common development patterns.
- DATA_EXFILTRATION (SAFE): There are no network-active commands or logic that could lead to unauthorized data transmission. The mentioned network operations in examples (e.g., `fetch()`, `SWR`) are standard web development patterns.
- REMOTE_CODE_EXECUTION (SAFE): No remote code execution patterns or piped shell executions (e.g., `curl | bash`) were found. The README mentions local build commands (`pnpm build`), which are standard for documentation generation.
- SECURITY_AWARENESS (INFO): The skill includes a dedicated security rule (`rules/server-auth-actions.md`) that explicitly warns developers to authenticate Server Actions to prevent unauthorized access, which is a positive security contribution.
Audit Metadata