angular-security
Harden Angular apps against XSS, CSP violations, and unauthorized access. Use when implementing XSS protection, Content Security Policy, or auth guards in Angular.
81
78%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/angular/angular-security/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that concisely covers specific security capabilities within the Angular framework. It uses third person voice, lists concrete actions, includes natural trigger terms developers would use, and has an explicit 'Use when' clause with clear triggers. The description is both concise and comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: hardening against XSS, CSP violations, and unauthorized access. These are distinct, well-defined security concerns rather than vague abstractions. | 3 / 3 |
Completeness | Clearly answers both 'what' (harden Angular apps against XSS, CSP violations, unauthorized access) and 'when' (explicit 'Use when implementing XSS protection, Content Security Policy, or auth guards in Angular'). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'XSS', 'XSS protection', 'Content Security Policy', 'CSP', 'auth guards', 'Angular'. These are terms developers naturally use when seeking help with Angular security. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive by combining Angular-specific security concerns (XSS, CSP, auth guards). The Angular framework specificity plus the security domain creates a clear niche unlikely to conflict with general security or general Angular skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
57%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill covers important Angular security topics with reasonable structure and clear references, but suffers from redundancy between the Anti-Patterns and earlier sections. The biggest gap is the lack of executable code examples—concrete snippets for route guards, interceptors, and DomSanitizer usage would significantly improve actionability. Adding verification/audit steps would strengthen the workflow for this security-critical domain.
Suggestions
Add executable code examples for key patterns: a functional authGuard with CanActivateFn, a DomSanitizer.sanitize() usage example, and an HTTP interceptor attaching tokens.
Remove or consolidate the Anti-Patterns section since it repeats guidance already given in Principles and Guidelines—or differentiate it by showing bad code vs. good code side-by-side.
Add a verification/audit checklist (e.g., 'Run ng build --source-map=false and grep for API keys', 'Check CSP headers with browser DevTools') to provide validation steps for security hardening.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The Anti-Patterns section largely repeats what was already stated in Principles and Guidelines, creating redundancy. The content is otherwise fairly tight but could be tightened by eliminating this duplication. | 2 / 3 |
Actionability | Provides specific function names, patterns (e.g., DomSanitizer.sanitize, CanActivateFn, nonce-based CSP), and concrete anti-patterns, but lacks executable code examples. A route guard snippet, an interceptor example, or a CSP header example would make this fully actionable. | 2 / 3 |
Workflow Clarity | This is more of a checklist/principles skill than a multi-step workflow, but it still lacks any sequencing or validation steps. For security hardening—a domain where verification matters—there are no audit steps, no 'how to verify CSP is working,' and no feedback loops for checking sanitization. | 2 / 3 |
Progressive Disclosure | The skill is concise at the top level with clear references to deeper material (references/security-best-practices.md and common/security-standards). Content is well-organized into Principles, Guidelines, and Anti-Patterns sections with one-level-deep references. | 3 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
Total | 9 / 11 Passed | |
- Repository
- HoangNguyen0403/agent-skills-standard
- Commit
4c72e76
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.