react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references several external resources and libraries including
better-all,lru-cache,svgo, andswr. These are well-known packages or utilities authored by reputable community members (e.g., Shuding from Vercel) and the links point to trusted domains likegithub.com,nextjs.org, andvercel.com. - [COMMAND_EXECUTION] (SAFE): The documentation includes standard development commands such as
pnpm install,pnpm build, andnpx svgo. These are intended for the developer using the guide and do not represent malicious execution patterns within the skill itself. - [PROMPT_INJECTION] (SAFE): No attempts to override agent instructions, bypass safety filters, or extract system prompts were found. The language used is purely instructional regarding React performance.
- [DATA_EXFILTRATION] (SAFE): There are no hardcoded credentials, API keys, or logic that suggests the collection or transmission of sensitive user data. Examples involving
localStorageorcookiesare standard implementations for UI state management (e.g., theme toggling). - [DYNAMIC_EXECUTION] (SAFE): While the 'Prevent Hydration Mismatch' rule uses
dangerouslySetInnerHTML, it is presented as a specific architectural pattern for solving hydration flickers in React, a common and legitimate use case for that API.
Audit Metadata