react-forms

[Skill Scanner] Skill instructions include directives to hide actions from user This SKILL.md is consistent with its stated purpose (type-safe React forms using Zod + React Hook Form). There are no code-level signs of malicious behavior, hardcoded secrets, or obfuscated code. The main security consideration is operational: the mandatory memory/context loading and the requirement to write output files mean the executing agent must enforce least-privilege access to project memory and file storage to avoid accidental leakage of sensitive project data. Recommend treating memory/context access as sensitive and auditing runtime permissions. Overall verdict: BENIGN but with moderate operational caution around memory/context access. LLM verification: The fragment is largely aligned with its stated goal of enabling type-safe, validated forms using a single Zod schema and React Hook Form, with server reuse and memory/context patterns. The sole concern is the scanner-reported anomaly about potential hidden actions; this requires inspecting the full SKILL.md to confirm whether any covert directives exist. If none are found, the material is benign and suitable for guiding implementation. If hidden actions are confirmed, remediation and transparen