angular-security
Harden Angular apps against XSS, CSP violations, and unauthorized access. Use when implementing XSS protection, Content Security Policy, or auth guards in Angular.
62
75%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/angular/angular-security/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that concisely covers specific security capabilities, includes natural trigger terms developers would use, and clearly delineates both what the skill does and when to use it. It uses proper third-person voice and is distinct enough to avoid conflicts with other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: hardening against XSS, CSP violations, and unauthorized access. These are distinct, well-defined security concerns rather than vague abstractions. | 3 / 3 |
Completeness | Clearly answers both 'what' (harden Angular apps against XSS, CSP violations, unauthorized access) and 'when' (explicit 'Use when implementing XSS protection, Content Security Policy, or auth guards in Angular'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'XSS', 'XSS protection', 'Content Security Policy', 'CSP', 'auth guards', 'Angular'. These are terms developers naturally use when seeking help with Angular security. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive by combining Angular-specific security concerns (XSS, CSP, auth guards). Unlikely to conflict with general security skills or general Angular skills due to the specific intersection of Angular + security hardening. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides reasonable security guidance for Angular applications with correct technical recommendations, but falls short on actionability — it tells Claude what to do without showing executable code examples for guards, interceptors, or sanitization. The Anti-Patterns section is largely redundant with earlier sections, and the lack of a concrete workflow or audit checklist weakens its utility for a P0-critical security skill.
Suggestions
Add executable code examples for key patterns: a functional authGuard with CanActivateFn, an HTTP interceptor attaching tokens, and DomSanitizer.sanitize usage.
Remove or consolidate the Anti-Patterns section into the Principles/Guidelines sections to eliminate redundancy and save tokens.
Add a security audit checklist or verification workflow (e.g., 'grep for bypassSecurityTrust calls, verify each is static content; check no localStorage token usage; verify CSP headers in server config').
Ensure referenced files (references/security-best-practices.md, common/security-standards) actually exist in the bundle, or remove broken references.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but has some redundancy — the Anti-Patterns section largely repeats points already made in Principles and Guidelines (e.g., bypassSecurityTrust, localStorage, secrets). The bold formatting is heavy but the content is reasonably tight otherwise. | 2 / 3 |
Actionability | Provides specific function names, patterns, and concrete guidance (e.g., DomSanitizer.sanitize, inject(Router).createUrlTree, canActivate syntax, nonce-based CSP), but lacks executable code examples. No copy-paste ready snippets for implementing guards, interceptors, or sanitization — it describes what to do rather than showing it. | 2 / 3 |
Workflow Clarity | The content is organized into logical sections (Principles, Guidelines, Anti-Patterns) but there's no sequenced workflow for implementing security measures. For a security hardening skill, there's no validation/audit checklist or step-by-step process to verify that protections are correctly applied — important for a P0 critical skill. | 2 / 3 |
Progressive Disclosure | References to 'references/security-best-practices.md' and 'common/security-standards' are provided, but no bundle files exist to back them up. The overview is appropriately concise for a top-level skill, but the referenced files cannot be verified and the second reference lacks a proper link format. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
Total | 9 / 11 Passed | |
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
556618c
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.