vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill is purely informational and its logic is confined to providing code patterns for the agent to follow.
- [NO_CODE] (INFO): The skill is composed strictly of Markdown files. It does not include any Python, Node.js, or shell scripts, nor does it define any automated task configurations that could lead to unauthorized system actions.
- [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: React components and Next.js pages provided by the user (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: No subprocess calls, network operations, or file-write capabilities exist in the skill. 4. Sanitization: Absent. While the skill analyzes untrusted code, the lack of operational capabilities ensures that any potential injection contained within user code cannot trigger dangerous side effects.
Audit Metadata