typescript-security

Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.

62

Quality

75%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./.github/skills/typescript/typescript-security/SKILL.md

Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a solid overview of TypeScript security concerns with specific library recommendations and some concrete patterns, but falls short on fully executable code examples and relies heavily on bold formatting rather than demonstrating implementations. The anti-patterns section is the strongest part, offering specific do/don't guidance with concrete alternatives. The skill would benefit from replacing directive statements with runnable code snippets and tightening the presentation.

Suggestions

Add executable code examples for key patterns — e.g., a complete Zod schema with safeParse error handling, an Argon2id hash/verify snippet, and a JWT cookie setup — rather than just naming the libraries.

Remove redundant REFERENCE.md links (appears twice with overlapping descriptions) and consolidate into a single references section at the end.

Reduce excessive bold formatting — nearly every term is bolded, which diminishes its effectiveness as emphasis and adds visual noise.

Add a brief workflow sequence for the most common use case (e.g., 'When adding a new API endpoint: 1. Define Zod schema → 2. Add safeParse at handler entry → 3. Run getDiagnostics → 4. Add auth guard') to improve workflow clarity.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Generally efficient but has some redundancy — the bold formatting is excessive and distracting, and some concepts like XSS/SQL injection definitions are things Claude already knows. The anti-patterns section could be tighter, though it does add value with specific examples. | 2 / 3 |
| Actionability | Provides specific tool/library recommendations and some concrete patterns (e.g., parameterized query syntax, execFileSync with args array), but lacks fully executable code examples. Most guidance is directive rather than copy-paste ready — e.g., 'Use Argon2id for password hashing' without showing the actual implementation code. | 2 / 3 |
| Workflow Clarity | The verification step mentioning getDiagnostics is a good checkpoint, but the overall structure reads as a checklist of concerns rather than a sequenced workflow. For a security skill covering multiple domains (input validation, auth, injection prevention), clearer sequencing of when to apply each practice and validation feedback loops would strengthen this. | 2 / 3 |
| Progressive Disclosure | References to REFERENCE.md are well-signaled and appear to be one level deep, which is good. However, no bundle files were provided to verify the reference exists, and the REFERENCE.md is referenced twice with slightly different descriptions of its contents, which is redundant. The main content is reasonably organized into sections but some inline content (like the full anti-patterns list) could potentially be split out. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly communicates specific security-related capabilities in TypeScript, includes natural trigger terms users would use, and explicitly states both what the skill does and when to use it. The description is concise, uses third-person voice, and carves out a distinct niche that minimizes conflict with other skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'Validate input', 'secure auth tokens', and 'prevent injection attacks', all within a named technology (TypeScript). | 3 / 3 |
| Completeness | Clearly answers both 'what' (validate input, secure auth tokens, prevent injection attacks in TypeScript) and 'when' with an explicit 'Use when...' clause listing multiple trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'validating input', 'auth tokens', 'sanitizing data', 'injection attacks', 'secrets', 'sensitive configuration'. These cover common variations of security-related queries. | 3 / 3 |
| Distinctiveness Conflict Risk | Targets a clear niche of security-focused TypeScript tasks (input validation, auth tokens, injection prevention, secrets management). The combination of security domain + TypeScript makes it distinct and unlikely to conflict with general coding or non-security skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| metadata_version | 'metadata.version' is missing | Warning |
| metadata_field | 'metadata' should map string keys to string values | Warning |
| Total | | 9 / 11 |

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed
