react-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes two Python utility scripts: scripts/convert_rules.py and scripts/react_performance_checker.py. These scripts are intended to be executed by the agent via Bash to manage rule files and perform automated performance audits on local project directories.
  • [DATA_EXPOSURE]: The react_performance_checker.py script uses recursive filesystem scanning (rglob) and reads file contents to perform regex-based auditing. While this grants the agent visibility into the analyzed project's source code, the behavior is transparent, local, and aligns with the tool's primary purpose of performance auditing.
  • [SAFE]: All code snippets provided in the documentation are educational and follow industry best practices. There is no evidence of obfuscation, remote code execution from untrusted sources, or hardcoded credentials. The claim of being 'From Vercel Engineering' reflects the source of the best practices content and is consistent with the high-quality technical advice provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:27 PM