The Agent Skills Directory

[SAFE] (SAFE): No malicious behavior, obfuscation, or insecure command execution patterns were identified across any of the 62 files.
[PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected. The content consists entirely of instructional code examples and performance advice.
[CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets, API keys, or credentials found. The skill includes best practices for avoiding the storage of sensitive data in localStorage.
[DATA_EXFILTRATION] (SAFE): No unauthorized network operations or data exfiltration vectors found. Caching mechanisms (Map, LRU) are used appropriately for performance and are scoped correctly to their environments.
[EXTERNAL_DOWNLOADS] (SAFE): References to external packages like 'swr', 'lru-cache', and 'better-all' are industry-standard and point to reputable sources (Vercel, Next.js, and established open-source contributors).
[REMOTE_CODE_EXECUTION] (SAFE): The skill provides static documentation and code templates; it does not perform any remote code execution or download-to-execute operations.
[DYNAMIC_EXECUTION] (SAFE): The recommended pattern for preventing SSR hydration flickers using inline script tags is safe, as it uses static logic and avoids execution of untrusted external content.
[POSITIVE_SECURITY] (INFO): The skill demonstrates security awareness by including explicit rules (e.g., 'server-auth-actions.md') that warn about treating Server Actions as public endpoints and require authentication inside each action.

vercel-react-best-practices