Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration. (triggers: **/*.ts, **/*.tsx, validate, sanitize, xss, injection, auth, password, secret, token)
Overall score: 83
Does it follow best practices? 78%
Impact: Pending (no eval scenarios have been run)
Passed: No known issues
Optimize this skill with Tessl:

```
npx tessl skill review --optimize ./.github/skills/typescript/typescript-security/SKILL.md
```

Quality
Discovery
100%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates its security-focused purpose in TypeScript, provides explicit 'Use when' guidance, and includes comprehensive trigger terms. It follows third-person voice correctly and is concise without being vague. The explicit trigger list at the end further strengthens discoverability.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Validate input', 'secure auth tokens', 'prevent injection attacks', all scoped to TypeScript. These are clear, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (validate input, secure auth tokens, prevent injection attacks in TypeScript) and 'when' (explicit 'Use when...' clause covering validating input, handling auth tokens, sanitizing data, managing secrets). Also includes explicit trigger terms. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'validate', 'sanitize', 'xss', 'injection', 'auth', 'password', 'secret', 'token', plus file patterns '**/*.ts' and '**/*.tsx'. These are terms users naturally use when dealing with security concerns. | 3 / 3 |
| Distinctiveness Conflict Risk | Clearly occupies a distinct niche: security-focused input validation and auth handling specifically in TypeScript. The combination of security domain terms (xss, injection, sanitize) with TypeScript file patterns makes it unlikely to conflict with general coding or non-security skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
57%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a reasonably well-structured security skill that covers the right topics and appropriately delegates detailed examples to a reference file. Its main weaknesses are the lack of executable code examples in the main body (relying entirely on the reference file for code) and some redundancy in explanations and duplicate reference links. Adding even one concrete code snippet per section would significantly improve actionability.
Suggestions
Add at least one executable code example per major section (e.g., a Zod schema for input validation, a parameterized query example, an Argon2id hashing snippet) to make the skill immediately actionable without requiring the reference file.
Remove the duplicate reference link — it appears both after the first section and at the end; consolidate to one location.
Remove parenthetical expansions of terms Claude already knows (e.g., 'Cross-Site Scripting (XSS)', 'Command Injection') to improve conciseness.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Mostly efficient but has some redundancy: the reference link appears twice identically, and some explanations like 'Cross-Site Scripting (XSS)' and 'Command Injection' are concepts Claude already knows. The bold formatting is heavy-handed but the content is reasonably tight overall. | 2 / 3 |
| Actionability | Provides specific library names and techniques (Zod, Argon2id, DOMPurify, parameterized queries), which is good, but lacks executable code examples. The guidance is concrete in naming tools but stops short of copy-paste ready code; actual code is deferred to the reference file. | 2 / 3 |
| Workflow Clarity | The verification step mentioning getDiagnostics is a good checkpoint, but the overall workflow is not clearly sequenced; it reads more like a checklist of concerns than a step-by-step process. For security validation tasks involving multiple steps, the lack of explicit ordering and feedback loops (e.g., what to do if validation fails) limits clarity. | 2 / 3 |
| Progressive Disclosure | Good structure with a concise overview in the main file and clear, well-signaled references to REFERENCE.md for detailed patterns. The reference link is one level deep and clearly describes what it contains. Content is appropriately split between overview and details. | 3 / 3 |
| Total | | 9 / 12 Passed |
Validation
100%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.