deco-to-tanstack-migration

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | CREDENTIALS_UNSAFE | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION
Full Analysis
  • [SAFE]: The skill provides a detailed set of migration templates and guides that are legitimate and functional. It explicitly suggests security best practices like using dompurify for sanitizing HTML (Gotcha 27) and setting up preview shells correctly for theme safety.
  • [CREDENTIALS_UNSAFE]: The skill implements standard patterns for accessing API credentials via process.env and specifically recommends using Cloudflare Workers secrets or .dev.vars (Gotcha 7 and platform-hooks README). No hardcoded credentials were found.
  • [EXTERNAL_DOWNLOADS]: Dependencies and remote resources are limited to trusted vendor repositories (@decocms), specific trusted GitHub repositories, and well-known services like Google Fonts and the official npm registry.
  • [DATA_EXFILTRATION]: The architecture utilizes server functions (createServerFn) as proxies for commerce API requests. This is a security design to protect sensitive keys from exposure in the client and manage CORS restrictions effectively.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:22 PM