react-best-practices

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMNO_CODESAFE
Full Analysis
  • [NO_CODE]: The skill consists entirely of instructional Markdown content and does not include any scripts, binaries, or executable code.- [SAFE]: The performance guidelines (e.g., parallelizing data fetches, optimizing bundle size, and managing server-client boundaries) follow industry best practices for modern web development.- [SAFE]: The skill correctly recommends security best practices, such as requiring authentication and authorization checks inside Next.js Server Actions to prevent unauthorized access.- [SAFE]: All external URLs and package references target well-known, established libraries and official documentation from reputable technology services.- [SAFE]: The skill displays deceptive metadata by claiming to be from 'Vercel Engineering' and identifying the author as 'vercel' in the frontmatter, which contradicts the actual author context of 'akillness'.- [SAFE]: The skill is susceptible to indirect prompt injection because its primary purpose is to audit user-provided React and Next.js source code. It lacks explicit instructions for boundary markers or input sanitization, though this is a common characteristic of code-auditing skills.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — react-best-practices