vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions, jailbreak attempts, or safety filter bypasses were detected.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials or sensitive file paths were found. The skill correctly provides guidelines for securing Server Actions with authentication and authorization.
- [OBFUSCATION]: The skill documentation and examples are presented in clear text with no evidence of encoding or hidden characters.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: All referenced libraries and tools, such as SWR, lucide-react, and better-all, originate from trusted organizations or well-known developers in the ecosystem.
- [PRIVILEGE_ESCALATION]: No commands for escalating system privileges or modifying sensitive configurations were found.
- [PERSISTENCE_MECHANISMS]: No attempts to maintain access through startup scripts or system tasks were detected.
- [METADATA_POISONING]: Metadata fields are used correctly for attribution and contain no deceptive instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a static set of rules and does not ingest or process untrusted external data during execution.
- [TIME_DELAYED_OR_CONDITIONAL_ATTACKS]: No logic was found that gates behavior based on specific times, dates, or environmental triggers.
- [DYNAMIC_EXECUTION]: Includes standard React patterns such as dynamic imports and hydration-safe scripts for theme management, used according to official documentation without exposing execution paths to untrusted input.
Audit Metadata