vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a structured repository of React and Next.js best practices. It includes detailed explanations and code examples for optimizing application performance. The guidelines explicitly advocate for security best practices, such as implementing authentication and authorization inside Server Actions to prevent unauthorized access.
- [PROMPT_INJECTION]: The skill presents an inherent surface for indirect prompt injection because it is designed for AI agents that process untrusted external data (the user's source code) to apply these optimization rules. While the skill itself is documentation, the workflow it supports involves risk from malicious content within processed projects.
- Ingestion points: The agent ingests React components, Next.js pages, and API route handlers from the user's project directory.
- Boundary markers: The documentation does not provide specific instructions for agents to use delimiters or ignore embedded instructions when reading user code.
- Capability inventory: Agents utilizing this skill are typically granted permissions to read from and write to the file system and execute terminal commands (e.g., pnpm build, npm install) as part of a development workflow.
- Sanitization: The skill focuses on performance patterns and does not include logic for sanitizing or escaping potentially malicious comments or code patterns found in the project being analyzed.
Audit Metadata