react-native-best-practices

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in references/js-measure-fps.md recommends installing the Flashlight performance tool using a piped shell command: curl https://get.flashlight.dev | bash. While this is a common installation method for CLI tools, it executes remote scripts directly without integrity verification.
  • [REMOTE_CODE_EXECUTION]: In references/bundle-code-splitting.md, the skill describes how to implement code splitting using Re.Pack, which involves loading JavaScript chunks from remote URLs at runtime (e.g., https://my-cdn.com/assets/${scriptId}). This pattern enables dynamic remote code loading in the target application, which requires strict security controls like HTTPS and SRI.
  • [EXTERNAL_DOWNLOADS]: The skill references numerous third-party dependencies and plugins from established organizations, including Spotify (com.spotify.ruler), Shopify (@shopify/flash-list), Microsoft (@rnx-kit/metro-serializer-esbuild), and Meta (babel-plugin-react-compiler). These are documented as part of standard optimization workflows.
  • [COMMAND_EXECUTION]: The guides contain multiple shell commands for building and analyzing applications, such as npx react-native bundle, xcodebuild, and ./gradlew clean. These are standard development operations associated with the primary purpose of the skill.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 26, 2026, 12:59 PM