vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions designed to bypass agent safety filters or override system prompts were found. The skill contains instructional language appropriate for its stated purpose as a coding guide.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, API keys, or sensitive file paths are present. Code examples use standard API patterns (e.g., '/api/users') for illustrative purposes.
- [Remote Code Execution] (SAFE): No patterns involving the execution of remote scripts via pipes or dynamic evaluation of untrusted remote content were detected.
- [Dynamic Execution] (SAFE): The skill mentions using `dangerouslySetInnerHTML` in `rules/rendering-hydration-no-flicker.md` to prevent hydration flicker. While this is a sensitive React API, it is used here as a standard pattern for synchronous client-side state initialization and does not incorporate untrusted external input.
- [External Downloads] (SAFE): The skill references several well-known and trusted libraries in the React ecosystem, such as `swr`, `lru-cache`, and `better-all` (maintained by Vercel-affiliated authors). These are used as examples of best practices.
- [Indirect Prompt Injection] (SAFE): Although the skill provides templates for generating code, it does not ingest untrusted data from external sources that could manipulate the agent's behavior. The ingestion points are limited to standard environment values like `localStorage` in illustrative examples.
Audit Metadata