vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override behavior, bypass safety filters, or extract system prompts were found.
- [Data Exposure & Exfiltration] (SAFE): No credentials, hardcoded secrets, or suspicious network exfiltration patterns were detected in the examples.
- [Unverifiable Dependencies] (LOW): The skill references standard and reputable Node.js packages such as SWR, LRU-Cache, and Lucide-React. All external links point to trusted domains (GitHub, Vercel).
- [Dynamic Execution] (LOW): One rule demonstrates the use of dangerouslySetInnerHTML for a legitimate performance optimization (preventing hydration flickering in theme toggles), which is a common and safe pattern in this context.
- [Indirect Prompt Injection] (INFO): While the skill involves processing markdown data (the rules), the content is static and serves purely as a knowledge base with no malicious instructions embedded in the code snippets.
Audit Metadata