The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions were found that attempt to bypass safety filters or override agent instructions. The content is strictly technical and instructional.
[Data Exposure & Exfiltration] (SAFE): No sensitive data access or exfiltration patterns were identified. Code examples using localStorage are limited to standard UI persistence (e.g., theme preferences).
[Obfuscation] (SAFE): No obfuscation techniques like Base64 encoding, zero-width characters, or homoglyphs were found. All documentation is in clear text.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references reputable Node.js packages such as swr, lru-cache, and zod. No remote scripts are downloaded or executed.
[Dynamic Execution] (SAFE): While dangerouslySetInnerHTML is mentioned in one optimization rule (rendering-hydration-no-flicker.md), it is used for a standard, legitimate technique to prevent UI flickering during Server-Side Rendering (SSR). The implementation uses a static script template without interpolating untrusted data.
[Persistence Mechanisms] (SAFE): No attempts to modify system startup files or shell profiles were detected.
[Privilege Escalation] (SAFE): No usage of sudo, chmod, or other privilege-altering commands was identified.
[Security Best Practices] (SAFE): The skill proactively includes a security-focused rule (server-auth-actions.md) that explicitly teaches developers how to properly authenticate and validate inputs in Server Actions to prevent unauthorized access.

vercel-react-best-practices