tl-docs-viewer-create

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill provides server-side API templates (Fastify and Express) for reading documentation files from the local filesystem. It implements a robust isValidDocPath validation function that uses path.resolve and prefix verification to ensure that requested file paths cannot escape the designated documentation root directory, preventing path traversal attacks.
  • [EXTERNAL_DOWNLOADS]: The skill suggests and provides implementation patterns for several well-known and reputable third-party libraries including @tanstack/react-query, react-markdown, mermaid, and flexsearch. It also integrates components from trusted organizations like Vercel.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the rendering of documentation files, which could be an injection surface. It addresses this risk with explicit warnings in the mermaid-markdown.tsx template about the use of dangerouslySetInnerHTML in fallback logic, and it strongly advises the use of established, secure rendering libraries for production environments.
  • [DYNAMIC_EXECUTION]: The skill includes guidance for implementing MDX support, which involves runtime compilation and execution of interactive documentation content. This functionality is presented as an optional, high-level feature for building complex documentation sites and is handled through established libraries like @mdx-js/mdx.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 02:02 PM