vercel-react-best-practices

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • Performance Optimization Guidelines: The skill consists of a large collection of markdown files that describe performance rules, including Eliminating Waterfalls, Bundle Size Optimization, and Server-Side Performance. These guidelines are educational and intended to improve code quality.
  • Security Best Practices Inclusion: Notably, the skill includes a specific rule ('server-auth-actions.md') that explicitly instructs agents to verify authentication and authorization inside Server Actions to prevent unauthorized access, which is a positive security pattern.
  • External Package References: The documentation references well-known packages such as swr, lru-cache, and better-all. These are common dependencies in the React ecosystem used for caching and data fetching.
  • Use of Sensitive React Features: One guideline ('rendering-hydration-no-flicker.md') demonstrates the use of dangerouslySetInnerHTML. While this React feature can be a security sink if used with untrusted user input, the example provided uses a static script for theme management, which is a standard implementation for preventing theme flickering during hydration.
  • Data Processing Context: As this skill is used during code generation and refactoring, it naturally operates on code provided by the user. While any coding assistant has a surface area for indirect prompt injection if the user's code contains malicious instructions, this skill itself contains only static guidelines and does not introduce new vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 04:21 PM