vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): The skill consists of markdown-based documentation and code snippets providing performance optimization advice. No executable malicious code or obfuscated patterns are present.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation references several industry-standard libraries such as 'swr', 'zod', and 'lru-cache', as well as the 'better-all' utility from a Vercel engineer's GitHub repository. These references are educational and do not involve automated execution of untrusted remote code.
- [PROMPT_INJECTION] (SAFE): No attempts to override agent behavior, bypass safety filters, or extract system prompts were found. The instructions are focused on providing coding assistance and refactoring guidance.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or private secrets were found in the examples or metadata. Placeholders are used appropriately.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill is designed to process user-provided React/Next.js code for review, it does not possess dangerous write or network capabilities that could be exploited via injection. It also provides specific guidance (rules/server-auth-actions.md) on how to prevent unauthorized access in applications.