vercel-react-best-practices

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists entirely of documentation, guidelines, and code examples for React and Next.js development. No executable scripts are shipped with the skill that could perform malicious actions on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted external libraries and repositories, such as better-all (maintained by a Vercel engineer), lru-cache, and swr. These references are used for instructional purposes and do not involve untrusted remote code execution.
  • [DATA_EXFILTRATION]: No data exfiltration or unauthorized network operations were detected. On the contrary, the skill includes explicit security guidelines, such as Rule 3.1, which mandates authentication and authorization checks inside Server Actions to prevent unauthorized access to server mutations.
  • [CREDENTIALS_UNSAFE]: The guidelines include advice on safely managing client-side data, recommending versioning for localStorage and warning against storing sensitive PII or tokens in insecure storage mechanisms.
  • [COMMAND_EXECUTION]: No dangerous command execution patterns were found. The build instructions in the README reference standard package manager commands (pnpm install, pnpm build) for managing the repository itself, which is expected for a development-oriented project.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 05:27 AM