vercel-react-only-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE] (SAFE): The skill consists of 48 markdown files (including rule categories for waterfalls, bundle size, and rendering) that provide static coding guidelines. No prompt injection or data exfiltration logic is present.
- [NO_CODE] (SAFE): The skill contains no executable scripts (.js, .py, .sh) or configuration files that perform automated tasks, significantly reducing its security risk profile.
- [EXTERNAL_DOWNLOADS] (LOW): The rules reference industry-standard libraries like `swr` (from Vercel, a trusted organization) and `better-all`. These are used purely within code examples to demonstrate specific performance patterns.
- [COMMAND_EXECUTION] (LOW): Documentation in the SVG optimization rule suggests the use of `npx svgo`. This is a recommendation for manual developer workflow and does not constitute a command execution vulnerability within the skill itself.
Audit Metadata