The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill documentation includes an installation command for '@tanstack/react-form' and imports from '@oakoss/ui'. Since these organizations are not listed as Trusted External Sources, these dependencies are considered unverifiable and should be audited for integrity before use.
[Indirect Prompt Injection] (LOW): The code defines components for ingesting untrusted user data, creating a potential attack surface. 1. Ingestion points: 'TextField' and 'FormTextField' components in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: 'console.log' (output only; no network or filesystem write capabilities identified). 4. Sanitization: Employs Zod schemas for strict validation and type-checking of input data.

tanstack-form