vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill consists of markdown-based guidelines and code examples for optimizing React and Next.js applications. The content is focused on performance engineering and does not contain any executable scripts or malicious logic.
- [EXTERNAL_DOWNLOADS]: The documentation references several well-known and trusted third-party libraries, including `swr`, `lru-cache`, and `better-all`. These are standard tools in the ecosystem and are referenced neutrally as part of the best-practice recommendations.
- [PROMPT_INJECTION]: No evidence of prompt injection or behavior-override instructions was found. The skill includes specific security advice, such as recommending authentication within Server Actions, which improves the overall security posture of the applications it helps build.
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an attack surface as it is designed to process and refactor user-provided source code.
- Ingestion points: The agent reads React and Next.js source code from the user.
- Boundary markers: There are no explicit instructions or delimiters defined in the guidelines to separate user-provided code from the agent's internal instructions.
- Capability inventory: The skill allows the agent to generate and refactor code. It also mentions environment setup commands like `pnpm install` in its documentation.
- Sanitization: The skill does not provide specific sanitization or validation routines for the input code it processes.
Audit Metadata