react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The language is purely instructional and focused on React performance.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or suspicious network operations were detected. Code examples use generic placeholders (e.g.,
userId,fetchData). - Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were identified. All content is clear and human-readable.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references well-known and reputable libraries such as
swr,better-all,lucide-react, and@mui/material. There are no instances of piping remote scripts to a shell or execution of untrusted remote code. - Privilege Escalation (SAFE): No commands related to privilege escalation (e.g.,
sudo,chmod 777) were found. - Persistence Mechanisms (SAFE): No attempts to establish persistence on the host system were detected.
- Metadata Poisoning (SAFE): Metadata fields in
SKILL.mdand rule files accurately describe the content and do not contain hidden instructions. - Indirect Prompt Injection (SAFE): The skill does not ingest untrusted external data that could influence the agent's behavior.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on time or environment conditions was found.
- Dynamic Execution (SAFE): The skill uses standard JavaScript dynamic imports (
import()) for the purpose of code splitting, which is a legitimate and recommended performance pattern.
Audit Metadata