CtrlK
BlogDocsLog inGet started
Tessl Logo

typescript-security

Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.

62

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The content is well-organized and reasonably actionable, but relies on illustrative rather than fully executable code and lacks a clear sequenced workflow with validation checkpoints. The progressive disclosure is undermined by dangling references in REFERENCE.md to non-existent files.

Suggestions

Add fully executable, copy-paste-ready code examples (e.g., a complete Zod validation route handler and an Argon2id hashing snippet) instead of prose-with-fragments.

Provide a numbered multi-step workflow with explicit validate->fix->retry checkpoints for risky operations like auth changes or sanitization.

Resolve the dangling references in references/REFERENCE.md: either create authentication.md and security-headers.md, or remove the broken links.

DimensionReasoningScore

Conciseness

The body is mostly lean and assumes Claude's competence, but the repeated references link and formatting glitches in the anti-patterns section add slack; it is not 3 because some lines (e.g., the duplicated REFERENCE.md link in both 'Validate Input' and 'References') could be trimmed, and not 1 because it avoids explaining basic concepts.

2 / 3

Actionability

It names specific tools and patterns (Zod safeParse, DOMPurify, Argon2id, execFileSync) with illustrative snippets, but most guidance is prose rather than copy-paste-ready code; it is not 3 because the examples are partial/illustrative rather than fully executable, and not 1 because concrete tooling and code fragments are present.

2 / 3

Workflow Clarity

A 'Verification' step (getDiagnostics) and validation emphasis exist, but the body is organized as topical sections rather than a sequenced multi-step workflow with explicit checkpoints for risky operations; it is not 3 because there is no clear validate->fix->retry loop or numbered sequence, and not 1 because some validation guidance is present.

2 / 3

Progressive Disclosure

The body cleanly points to references/REFERENCE.md (which exists) and is organized into sections, but REFERENCE.md itself links to authentication.md and security-headers.md that are absent from the bundle, creating a dangling/deep reference; it is not 3 because the reference chain is not fully resolvable, and not 1 because the SKILL.md overview is well-structured and signals its reference.

2 / 3

Total

8

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, complete, and distinctive, listing concrete security actions with an explicit 'Use when' trigger clause. It is a strong model description with no notable weaknesses.

DimensionReasoningScore

Specificity

Names three concrete actions ('Validate input, secure auth tokens, and prevent injection attacks'), matching the anchor for multiple specific concrete actions; it is not at 2 because the actions are explicit and varied rather than a single named domain.

3 / 3

Completeness

It clearly answers both what (the three security actions) and when via an explicit 'Use when...' clause with triggers, matching the top anchor; it is not at 2 because the when-guidance is explicit rather than implied.

3 / 3

Trigger Term Quality

The 'Use when' clause lists natural terms users would say ('validating input, handling auth tokens, sanitizing data, secrets and sensitive configuration'), giving good coverage; it is not at 2 because it covers several common variations rather than a single keyword.

3 / 3

Distinctiveness Conflict Risk

It occupies a clear TypeScript security niche with distinct triggers unlikely to conflict with unrelated skills; it is not at 2 because the scope (auth tokens, injection, secrets in TS) is specific rather than broadly overlapping.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

metadata_field

'metadata' should map string keys to string values

Warning

Total

14

/

16

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.