CtrlK
BlogDocsLog inGet started
Tessl Logo

angular-security

Harden Angular apps against XSS, CSP violations, and unauthorized access. Use when implementing XSS protection, Content Security Policy, or auth guards in Angular.

66

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

62%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is well-structured and concrete with a properly split reference file, but it loses points for duplicative anti-patterns, a few abstract directives, and a broken reference path. It is a solid, actionable skill with some tightening needed.

Suggestions

Merge or remove the Anti-Patterns section — its three bullets restate the Guidelines (localStorage, secrets, trust-marking) almost verbatim; keep one consolidated do/don't list to avoid duplicated tokens.

Replace abstract directives with concrete snippets, e.g., a minimal auth interceptor example instead of "Use Interceptors to attach secure tokens" and a complete CanActivateFn guard instead of the inject(Router) fragment.

Fix the dangling "common/security-standards" reference — it is neither a real file nor a link; either create the file and link it like references/security-best-practices.md, or remove it.

DimensionReasoningScore

Conciseness

The body is lean with no concept padding, but the Anti-Patterns section restates the Guidelines nearly verbatim (localStorage, secrets, trust-marking), so not every token earns its place and it could be tightened.

2 / 3

Actionability

It names specific APIs (DomSanitizer.sanitize(SecurityContext.HTML, content), CanActivateFn, inject(Router).createUrlTree(['/login']), script-src 'nonce-{nonce}'), but several directives are abstract ("review every trust-marking call", "Use Interceptors to attach secure tokens") and the body has no complete executable examples — those live only in the reference.

2 / 3

Workflow Clarity

This is an under-50-line, single-purpose skill that is clearly and well-organized into Principles, Guidelines, Anti-Patterns, and References, so per the simple-skills note it can score 3 without an explicit multi-step workflow.

3 / 3

Progressive Disclosure

The body is an overview with one well-signaled, one-level-deep reference (references/security-best-practices.md, which exists and holds the code examples), but the "common/security-standards" reference is not a link and points to a non-existent file, hurting navigation.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is concrete, complete, and well-scoped: it pairs a specific action with an explicit "Use when" trigger and natural keywords. It closely matches the rubric's good examples and has no voice or over-claim issues.

DimensionReasoningScore

Specificity

"Harden Angular apps against XSS, CSP violations, and unauthorized access" names the framework and three concrete threat domains with an action verb, matching the anchor for multiple specific concrete targets rather than vague language.

3 / 3

Completeness

It states what it does ("Harden Angular apps against XSS, CSP violations, and unauthorized access") and when to use it ("Use when implementing XSS protection, Content Security Policy, or auth guards in Angular"), with an explicit "Use when" trigger.

3 / 3

Trigger Term Quality

The description surfaces natural developer terms — "XSS", "CSP"/"Content Security Policy", "auth guards", "Angular" — that a user would actually say when needing this skill, with both abbreviations and spelled-out forms.

3 / 3

Distinctiveness Conflict Risk

The Angular scope and security-specific triggers (XSS, CSP, auth guards) carve a clear niche unlikely to fire for non-Angular or non-security skills.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

metadata_field

'metadata' should map string keys to string values

Warning

Total

14

/

16

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.