tanstack-start-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Security Posture (SAFE): The skill focuses on promoting security best practices, such as rule sec-validate-inputs, which mandates using Zod for schema validation to prevent injection and unauthorized data modification.
- Data Exposure & Exfiltration (SAFE): The analysis found no hardcoded credentials or unauthorized network calls. The skill correctly demonstrates the use of environment variables for sensitive data like Stripe keys and session secrets, and provides clear guidance on separating server-only configuration from client-side code.
- Unverifiable Dependencies (SAFE): All referenced packages (@tanstack/react-start, zod, stripe, etc.) are well-known, reputable libraries within the React ecosystem. No suspicious remote script execution patterns (e.g., curl|bash) were found.
- Obfuscation (SAFE): No attempts to hide or encode malicious logic using Base64, zero-width characters, or other obfuscation techniques were detected.
- Execution Safety (SAFE): The code provided consists of static examples and templates. There is no usage of dangerous dynamic execution functions like eval() or exec().
Audit Metadata