react-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily composed of markdown documentation providing legitimate technical advice for React/Next.js performance optimization. The content is educational and aligns with established software engineering practices.
- [COMMAND_EXECUTION]: The skill includes two Python scripts:
react_performance_checker.pyandconvert_rules.py. Analysis ofreact_performance_checker.pyconfirms it is a static analysis tool that uses regular expressions to scan local source files for performance anti-patterns (e.g., sequential awaits, barrel imports). It performs no network operations and does not execute the code it scans.convert_rules.pyis a utility for merging documentation files and likewise only performs local filesystem read/write operations. - [INDIRECT_PROMPT_INJECTION]: The
react_performance_checker.pyscript acts as an ingestion point for untrusted data by reading source code from the user's project directory. This represents a potential surface for indirect prompt injection if a project file contained malicious instructions designed to manipulate the agent's behavior when reviewing the audit results. However, the script's output is strictly formatted as an audit report, which provides a high degree of isolation from the raw file content.
Audit Metadata