vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior or safety filters were detected. The skill focuses strictly on development best practices.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized data exfiltration patterns were found. Code examples use standard API and storage patterns.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected in the documentation or code snippets.
- [Unverifiable Dependencies] (SAFE): The skill references standard, reputable libraries such as SWR, Zod, and LRU-cache. It is authored by 'vercel', a trusted organization, and does not perform unattended installations.
- [Indirect Prompt Injection] (SAFE): While the skill advises on data fetching surfaces, it includes explicit security guidance in 'server-auth-actions.md' to prevent unauthorized access and validate inputs using Zod.
- [Privilege Escalation] (SAFE): No commands for acquiring elevated permissions or modifying system configurations were detected.
Audit Metadata