vercel-react-best-practices

The skill consists of Markdown files (AGENTS.md, SKILL.md, and 57 rules/*.md) which serve as documentation and provide code examples for React and Next.js best practices. No executable scripts (e.g., .sh, .js, .py) are present that the agent would directly run. The content is instructional and does not exhibit any patterns of prompt injection, data exfiltration, obfuscation, privilege escalation, persistence mechanisms, or time-delayed attacks.

• Prompt Injection: No markers or patterns indicative of prompt injection attempts were found in any of the Markdown files or their metadata. The 'CRITICAL' and 'HIGH' labels refer to the impact of performance optimizations, not security threats.
• Data Exfiltration: The skill does not contain any executable commands or network requests. All code snippets are illustrative examples within a documentation context, demonstrating how a developer might implement certain features, not commands that the skill itself executes. Therefore, there is no direct data exfiltration risk.
• Obfuscation: All content is in plain Markdown and code. No Base64, zero-width characters, Unicode homoglyphs, or other obfuscation techniques were detected.
• Unverifiable Dependencies: The skill itself is documentation and has no runtime dependencies. Code examples reference external libraries (e.g., better-all, lru-cache, swr, zod) and external documentation links (e.g., github.com, vercel.com, react.dev, nextjs.org). These references are for informational purposes within the documentation and are to trusted external sources. The skill does not attempt to install or execute these dependencies.
• Privilege Escalation: No commands or patterns related to privilege escalation (e.g., sudo, chmod, service installations) were found.
• Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell configurations, cron jobs) were detected.
• Metadata Poisoning: The SKILL.md metadata fields (name, description, license, author, version) were reviewed and found to be benign, containing no hidden or malicious instructions.
• Indirect Prompt Injection: As a purely informational skill, it does not process external user-supplied content, thus it does not directly pose a risk for indirect prompt injection. This category is noted as a general LLM risk, not a specific vulnerability of this skill.
• Time-Delayed / Conditional Attacks: No conditional logic designed to trigger malicious behavior based on time, usage, or environment was found.