react-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's content is purely educational and instructional, following established development patterns for React (e.g., component composition, state management rules). No malicious intent, obfuscation, or data exfiltration behaviors were identified.- [EXTERNAL_DOWNLOADS]: The skill mentions the well-known utility
@tanstack/react-virtualand uses documentation-lookup tools (mcp__context7__resolve-library-idandmcp__context7__query-docs) to fetch content from the official React and Next.js ecosystems. These are recognized trusted sources and the integration is standard for technical assistant agents.- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its reliance on external documentation ingested at runtime. However, this is documented as safe given the trusted nature of the target sources. - Ingestion points: Data is ingested via the
mcp__context7__query-docstool as specified inSKILL.md. - Boundary markers: Absent; the instructions do not define delimiters or specific 'ignore' directives for the fetched documentation.
- Capability inventory: The agent is capable of generating React code and invoking other development-related tools based on the ingested content.
- Sanitization: Absent; there is no mention of filtering or validating the tool output within the skill instructions.
Audit Metadata