vercel-react-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found. The content consists entirely of technical best practices for React development.
  • [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. Code examples use placeholder data and standard API patterns.
  • [OBFUSCATION]: The content is clear and readable. No use of hidden characters, Base64 encoding of executable strings, or homoglyphs was found.
  • [EXTERNAL_DOWNLOADS]: The skill references standard libraries and tools (e.g., better-all, lru-cache, swr, svgo). These are well-known packages in the JavaScript ecosystem. No suspicious or unverified remote downloads are present.
  • [COMMAND_EXECUTION]: The README mentions standard local build commands (pnpm build, pnpm validate) for maintaining the documentation. No arbitrary or dangerous command execution was found in the skill's instructions.
  • [REMOTE_CODE_EXECUTION]: No patterns for downloading and executing remote scripts (like curl|bash) were detected. The skill contains documentation and static code examples only.
  • [INDIRECT_PROMPT_INJECTION]: While the skill provides instructions that an agent is intended to follow (the React rules), these instructions are legitimate technical guidelines. There is no evidence of an attempt to subvert the agent's behavior via the processed data.
  • [DYNAMIC_EXECUTION]: No use of eval(), exec(), or unsafe deserialization was found. One example uses dangerouslySetInnerHTML for a standard SSR theme injection pattern, which is a recognized and safe implementation in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 12:09 AM