react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted external libraries and resources, including:
  - `swr` and `better-all` (associated with Vercel and its engineering team).
  - `lru-cache` (a widely used utility from a known developer).
  - Popular UI and utility libraries such as `lucide-react`, `@mui/material`, and `lodash`.
  - Documentation links pointing to official domains like `react.dev`, `nextjs.org`, and `vercel.com`.
- [COMMAND_EXECUTION]: The `README.md` provides standard project maintenance instructions including `pnpm install`, `pnpm build`, `pnpm validate`, and `pnpm extract-tests`. Additionally, the rendering rules suggest using `npx svgo` for SVG optimization.
- [PROMPT_INJECTION]: The skill includes instructions in `AGENTS.md` and `SKILL.md` designed to guide agent behavior when performing code refactoring. These are domain-specific performance rules rather than attempts to bypass security filters.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The agent is instructed to use these guidelines when reviewing or refactoring user-provided React/Next.js codebases (e.g., `AGENTS.md` abstract).
  - Boundary markers: No specific delimiters or instructions for isolating user code are provided in the skill content.
  - Capability inventory: The agent is tasked with generating and modifying source code based on these rules.
  - Sanitization: The skill does not provide methods for sanitizing the user code it processes.
Audit Metadata