ui-widget-developer

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • Local Service Management: The skill includes automation for managing background processes such as MCP servers and devtunnels. It utilizes standard operating system utilities like Start-Process for Windows and nohup for Linux/macOS to ensure these services run independently of the agent session. This is a common and necessary pattern for local development workflows.
  • Environment Configuration: The skill automates the management of local environment variables in .env.local. This process is used to store development-specific configuration such as local ports and tunnel URLs, aligning with secure development practices by isolating environment settings from code.
  • Dependency and Tooling Integration: The instructions leverage established development tools and package managers, including npm, pip, and the atk CLI. They also use the official MCP Inspector to verify server configurations and tool definitions.
  • Security Best Practices in Reference Code: The provided TypeScript implementation demonstrates high security standards, such as explicit guards against path traversal attacks when serving local widget assets and strict origin-checking for Cross-Origin Resource Sharing (CORS).
  • Secure Data Rendering: The skill enforces the use of React and Fluent UI for widget development. This provides inherent protection against Cross-Site Scripting (XSS) through React's default output escaping. Additionally, the skill includes explicit documentation and guidance on preventing XSS and handling partial data safely.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 11:50 AM