typescript-pro
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation command in metadata.json downloads content from a GitHub repository owned by 'majiayu000', which is not listed as a trusted organization or well-known service. This constitutes an unverifiable external download during the setup process.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and analyze user-provided TypeScript code and architectural designs without implementing boundary markers or sanitization.
- [PROMPT_INJECTION]: Indirect injection analysis:
  - Ingestion points: Processes user-provided source code, generic definitions, and architecture specifications.
  - Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the data being processed.
  - Capability inventory: The skill is capable of generating and suggesting writes for TypeScript source files, test suites (Jest/Vitest), and configuration files (TSConfig).
  - Sanitization: Absent; the skill lacks mechanisms to validate or filter instructions that may be hidden in comments or metadata within the processed TypeScript code.
Audit Metadata