vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): Extensive review of 58 files (SKILL.md and 57 rule files) revealed no malicious patterns. The content is consistently educational and adheres to industry best practices for React and Next.js development.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references standard, well-maintained libraries such as
swr(rules/client-swr-dedup.md),lru-cache(rules/server-cache-lru.md), andbetter-all(rules/async-dependencies.md). These are well-established libraries and the author (Vercel) is a trusted entity. - [PROMPT_INJECTION] (LOW): The skill processes user-provided React and Next.js code for review and refactoring (SKILL.md). While this creates an ingestion surface for untrusted data, the skill's role is primarily instructional and does not involve high-privilege capabilities such as arbitrary command execution or network exfiltration.
Audit Metadata