template-renderer

Renders templates by replacing placeholders with values, ensuring schema validation and security sanitization for various template types.

Install this skill

or

55/100

Security score

The template-renderer skill was audited on May 12, 2026 and we found 7 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 149

Template literal with variable interpolation in command context

SourceSKILL.md

149	throw new Error(`Token not in whitelist: ${token}`);

medium line 156

Template literal with variable interpolation in command context

SourceSKILL.md

156	const regex = new RegExp(`\\{\\{${token}\\}\\}`, 'g');

medium line 163

Template literal with variable interpolation in command context

SourceSKILL.md

163	throw new Error(`Missing required tokens: ${missingTokens.join(', ')}`);

medium line 195

Template literal with variable interpolation in command context

SourceSKILL.md

195	throw new Error(`Schema validation failed: ${JSON.stringify(validate.errors)}`);

medium line 391

Template literal with variable interpolation in command context

SourceSKILL.md

391	outputPath: `.claude/context/artifacts/specifications/${featureName}-spec.md`,

high line 260

Access to /etc/passwd

SourceSKILL.md

260	Path: ../../etc/passwd

medium line 260

Path traversal to sensitive directory

SourceSKILL.md

260	Path: ../../etc/passwd

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 18

Rate this skill

Categoryproduct

UpdatedMay 21, 2026

claude frontend docx api product-manager project-manager ux-designer product project management design

oimiragieo/agent-studio