vercel-react-best-practices

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core purpose and capabilities.
      • Ingestion points: As defined in SKILL.md, the agent ingests 'React components, Next.js pages, data fetching, bundle optimization' from the user's codebase.
      • Boundary markers: Absent. There are no instructions to the agent to distinguish between the code logic it is refactoring and potential natural-language instructions hidden within that code (e.g., in comments or string literals).
      • Capability inventory: The skill triggers on 'writing, reviewing, or refactoring' tasks. Refactoring implies the agent has file-write permissions to modify the codebase, a high-privilege capability.
      • Sanitization: Absent. There is no mention of sanitizing or escaping content before the agent processes or outputs it.
  • [DYNAMIC_EXECUTION] (MEDIUM): In rules/rendering-hydration-no-flicker.md, the skill recommends a pattern using dangerouslySetInnerHTML to inject a synchronous IIFE <script> into the DOM. While this is a standard industry practice for preventing hydration flickering in Next.js, it involves generating and executing scripts at runtime based on locally stored data (Category 10).
  • [EXTERNAL_DOWNLOADS] (INFO): The skill references several external dependencies including better-all, lru-cache, swr, lucide-react, and @mui/material.
      • Trusted Scope Rule: These packages are either maintained by Vercel or are widely-recognized standard libraries from trusted community members (e.g., isaacs). Per the [TRUST-SCOPE-RULE], these references are downgraded to INFO as they originate from trusted sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:48 AM