react-best-practices
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to analyze and refactor external code. Malicious instructions embedded within the target codebases could theoretically attempt to manipulate the agent's behavior.
  - Ingestion points: External React/Next.js source files provided by the user.
  - Boundary markers: Not specified.
  - Capability inventory: Instructions target code generation and refactoring.
  - Sanitization: None provided.
- [COMMAND_EXECUTION]: The documentation references the use of standard development CLI tools for optimization tasks. Evidence: Example usage of npx svgo for SVG optimization in rules/rendering-svg-precision.md.
- [EXTERNAL_DOWNLOADS]: The skill references various trusted libraries and documentation from the React and Next.js ecosystems. Evidence: Mentions of swr, better-all, and @vercel/analytics libraries.
- [NO_CODE]: The skill references build and validation scripts in a src/ directory and a package.json file that are not included in the payload. These appear to be utility scripts for rule maintenance rather than executable skill code.
- [SAFE]: No signs of obfuscation, credential harvesting, or unauthorized data access were found. All external links point to official documentation or reputable repositories.
Audit Metadata