The Agent Skills Directory

[Data Exposure & Exfiltration] (LOW): The file 'templates/project/src/lib/config.ts' contains a hardcoded placeholder API key ('sk-1234'). While intended as a mock value for local development with a LiteLLM proxy, hardcoding credential patterns in configuration files is a discouraged practice.
[Unverifiable Dependencies & Remote Code Execution] (LOW): The 'reference/tech-stack.md' file recommends installing the Bun runtime using 'curl -fsSL https://bun.sh/install | bash'. Although this is an official installation method, piped execution of remote scripts is a known security risk factor.
[Indirect Prompt Injection] (LOW): The LLM adapter template 'templates/project/src/adapters/llm.adapter.ts' facilitates LLM interactions that are vulnerable to indirect prompt injection if used with untrusted data. 1. Ingestion points: 'prompt' and 'systemPrompt' arguments in the 'complete' and 'chat' functions. 2. Boundary markers: No delimiters or protective instructions are included in the template. 3. Capability inventory: The template facilitates LLM calls via a configurable proxy. 4. Sanitization: No sanitization is performed on input strings before interpolation.

typescript-project