vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of technical documentation and code examples aimed at improving application performance. No malicious intent was found.
- [PROMPT_INJECTION]: A thorough scan for behavioral overrides, safety filter bypasses, or system prompt extraction instructions yielded no results. The instructional language is focused strictly on the stated purpose of code optimization.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file path access (e.g., .env, .ssh), or unauthorized network operations were detected. All URL references point to official documentation (React, Next.js, Vercel) or well-known, trusted GitHub repositories.
- [EXTERNAL_DOWNLOADS]: The skill mentions common, reputable packages such as 'swr', 'lru-cache', and 'lucide-react'. These are standard dependencies in the React ecosystem and are referenced through official channels.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download and execution of remote scripts (e.g., curl-to-bash). All code snippets are React/Next.js components or utility functions meant for application development.
- [COMMAND_EXECUTION]: The skill does not invoke dangerous system commands or attempt privilege escalation. It mentions 'svgo' for SVG optimization, which is a standard development tool.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or private secrets were found within the skill files.
Audit Metadata