vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of educational rule files and code examples for optimizing React and Next.js applications. A thorough review of all 71 files reveals no malicious logic, exfiltration attempts, or obfuscation.
- [DATA_EXPOSURE]: The guidelines include a specific rule (rules/client-localstorage-schema.md) that teaches developers how to properly manage localStorage to prevent accidental data exposure, recommending key versioning and storage of only non-sensitive, minimal fields.
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were found in the SKILL.md metadata or rule descriptions. The instructions are focused on performance optimization.
- [COMMAND_EXECUTION]: The rules mention development tools like 'npx svgo' for SVG optimization and reference common build configurations, but no commands are executed automatically by the skill's own logic.
- [REMOTE_CODE_EXECUTION]: The skill refers to trusted packages and libraries (such as SWR, LRU Cache, and Zod) and does not contain patterns that download or execute code from untrusted remote sources.
Audit Metadata