vercel-composition-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill provides instructions for refactoring React codebases in
AGENTS.mdand rule files likerules/architecture-avoid-boolean-props.md. This creates a surface where malicious patterns in the processed code (untrusted data) could influence the agent's code generation behavior.\n - Ingestion points: Agent reads and processes the user's React codebase to apply patterns described in
AGENTS.mdand the rule files.\n - Boundary markers: The skill does not provide specific delimiters or instructions to ignore embedded instructions in the code being refactored.\n
- Capability inventory: The agent is tasked with refactoring and generating React components, which involves modifying source code based on the patterns defined.\n
- Sanitization: No sanitization or validation logic is defined for the input code before the agent applies the composition patterns.\n- [NO_CODE]: The skill consists entirely of documentation and architectural guidelines in Markdown format. No executable scripts, binaries, or configuration files for package managers were found across the skill files.
Audit Metadata