vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (INFO): Detailed inspection of all 58 files confirms the skill is a legitimate knowledge base for software engineering. No evidence of prompt injection, data exfiltration, or remote code execution was found.
- [Trusted Source] (INFO): The skill metadata identifies 'vercel' as the author. Vercel is a recognized trusted organization in the AI and web development ecosystem, satisfying the criteria for low-risk designation for external references.
- [Indirect Prompt Injection] (LOW): The skill is designed to guide an AI agent's reasoning during code review tasks. While this creates an ingestion surface for untrusted user code, the rules provided are benign architectural patterns. The skill actually enhances security by including rules for Server Action authentication and input validation.
- [Dependency Analysis] (INFO): The skill references several well-known and reputable libraries such as SWR, Zod, and LRU-cache. These are standard in the React ecosystem and are used in the documentation for illustrative purposes.
- [Code Safety] (INFO): Code snippets using potentially sensitive APIs, such as 'dangerouslySetInnerHTML', are accompanied by specific, safe use-cases (e.g., preventing hydration flicker for theme switching) and are not used as attack vectors.
Audit Metadata