vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, jailbreak attempts, or system prompt extraction patterns were found. The skill consists strictly of technical documentation and code examples.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or access to sensitive local files (like SSH keys or AWS configs) were detected. The skill actually provides security-positive guidance, such as data minimization for localStorage.
- [Remote Code Execution] (SAFE): The skill references standard, well-known Node.js packages (e.g., `swr`, `lru-cache`, `better-all`). These are recommended as architectural dependencies and not via suspicious `curl | bash` or remote execution patterns.
- [Obfuscation] (SAFE): All content is written in clear, human-readable Markdown. No Base64, zero-width characters, or homoglyphs were used to hide malicious behavior.
- [Dynamic Execution] (SAFE): While the skill mentions dynamic `import()` and `dangerouslySetInnerHTML`, these are applied in the context of performance optimization (code splitting) and preventing SSR hydration flicker, following standard React development patterns.
Audit Metadata