The Agent Skills Directory

[SAFE]: The skill consists of instructional content and verification checklists designed to improve the security posture of TanStack Start projects. It encourages the use of framework-specific security primitives like createServerFn and beforeLoad to protect routes and data.
[SAFE]: The provided analysis commands (using rg and sed) and project verification scripts (pnpm lint, pnpm test) are standard development tools used for diagnostic purposes and do not exhibit malicious behavior or unauthorized access.
[SAFE]: The skill maintains a clear separation between client and server code, providing explicit rules to prevent secret leakage and ensuring that sensitive logic remains behind server-side boundaries.
[SAFE]: The skill has a potential surface for indirect prompt injection because it analyzes project source code and user tasks. However, it includes mandatory verification steps and manual review gates to ensure changes are safe and validated before completion.
Ingestion points: Project configuration files (app.config.ts, package.json) and source code in the src or app directories.
Boundary markers: None explicitly defined within the skill's instructions.
Capability inventory: File searching (rg), file reading (sed), and project command execution (pnpm).
Sanitization: Relies on manual developer review and standard project linting/testing tools.

tanstack-start-security