vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references several well-known and trusted libraries including
swr,lru-cache, andbetter-all. These are standard tools in the React ecosystem. Per [TRUST-SCOPE-RULE], dependencies from the Vercel ecosystem and established developers (shuding) are considered low-risk. - [COMMAND_EXECUTION] (SAFE): The
README.mddescribes standard build and validation scripts (pnpm build,pnpm validate,pnpm extract-tests) used for maintaining the documentation repository. No malicious command injection or hidden shell scripts were found. - [DATA_EXFILTRATION] (SAFE): Code examples include patterns for accessing
localStorageanddocument.cookiefor performance caching purposes (e.g., theme storage). No sensitive file paths or credentials are targeted, and no data is sent to untrusted external domains. - [PROMPT_INJECTION] (SAFE): No instructions attempting to bypass safety filters, extract system prompts, or override agent behavior were detected. The content consists strictly of architectural and performance advice.
- [DYNAMIC_EXECUTION] (SAFE): One example in
rendering-hydration-no-flicker.mdusesdangerouslySetInnerHTMLto inject a small, static script into the DOM to prevent hydration flicker. This is a standard industry practice for the described use case and does not represent an execution threat within the agent's context.
Audit Metadata