vercel-react-best-practices
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [METADATA_POISONING]: The skill frontmatter in SKILL.md claims the author is 'vercel', which contradicts the authoritative context identifying the author as 'ZhanlinCui'. This constitutes impersonation of a well-known trusted vendor.
- [EXTERNAL_DOWNLOADS]: The skill instructions in README.md direct users to perform 'pnpm install' and 'pnpm build'. The skill references build scripts and utilities in the 'src/' directory that are not provided in the source files, posing a risk of executing unverified external code.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external React/Next.js code for refactoring and review tasks.
- Ingestion points: The agent's context when reviewing or refactoring user-provided code files as specified in the 'When to Apply' section.
- Boundary markers: Absent. The skill lacks instructions to the agent to treat input code as untrusted or to disregard instructions embedded in code comments.
- Capability inventory: The skill has the capability to influence code generation and refactoring outputs based on the provided patterns.
- Sanitization: Absent. No methods for escaping or validating the content of external code are provided.
- [DYNAMIC_EXECUTION]: The 'rendering-hydration-no-flicker.md' rule documents a pattern for injecting a synchronous script via 'dangerouslySetInnerHTML'. While intended for performance optimization, this technique involves executing string-based content as code in the client environment.
Audit Metadata