react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill includes a shell script (
references/rules/download_rules.sh) that usescurlto fetch documentation files from an external repository. - Evidence: Multiple
curlcommands inreferences/rules/download_rules.shtargetinghttps://raw.githubusercontent.com/vercel-labs/agent-skills/. - Context: The source repository is part of the
vercel-labsorganization, which is a verified trusted source. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW. - [PROMPT_INJECTION] (LOW): As a code-analysis and optimization tool, this skill presents a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: The skill is designed to read and analyze user-provided React and Next.js source code (e.g., components, API routes).
- Boundary markers: Absent. There are no explicit instructions or delimiters in the reference files to instruct the agent to ignore instructions embedded in the code comments or strings of the files being analyzed.
- Capability inventory: Low risk. The skill is primarily informational; it does not contain executable logic (like
execoreval) that would allow an injected prompt to perform malicious actions in the agent's environment. - Sanitization: Absent. No sanitization or escaping of the ingested code content is performed.
- [COMMAND_EXECUTION] (SAFE): The
download_rules.shscript executes shell commands, but these are restricted to fetching documentation from trusted sources and do not involve user-controlled input.
Audit Metadata