security


Assess and improve code security.

By jahales. Updated 2/4/2026

name: security
description: Assess and improve code security.

Security Skill

Use this skill to evaluate or guide implementation with security in mind. Focus on the following areas:

Input Validation

  • Validate and sanitise all external inputs (HTTP requests, user input, file uploads). Reject unexpected, malformed or malicious data early.
  • Use parameterised queries and prepared statements to prevent SQL injection. Avoid string concatenation for dynamic queries.
  • When constructing shell commands or system calls, escape or whitelist arguments to mitigate command injection.
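The parameterised-query and early-rejection points above, shown as an added Python example (not part of the skill itself); the table, rows and crafted input are constructed sample data.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(value: str) -> str:
    """Reject anything outside a strict allowlist before it reaches the database."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def make_db() -> sqlite3.Connection:
    # Constructed in-memory sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # BEFORE: string concatenation. The input becomes part of the SQL grammar,
    # so a value containing quotes changes the WHERE clause itself.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # AFTER: a bound parameter. The driver passes the value separately from the
    # statement, so it is compared as a literal string and never parsed as SQL.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that breaks out of the quoted literal
    print("unsafe rows:", len(find_user_unsafe(db, crafted)))  # 3: the clause became always-true
    print("safe rows:", len(find_user_safe(db, crafted)))      # 0: compared as a literal
```

Combining both layers (allowlist first, bound parameters second) means malformed input is rejected before the query runs and anything that does reach the query cannot alter its structure.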

Authentication & Authorisation

  • Ensure proper authentication mechanisms are implemented. Use secure password hashing (e.g. bcrypt, Argon2) and multi-factor authentication where appropriate.
  • Apply the principle of least privilege: grant users and services only the permissions they need. Check authorisation on every protected operation.
  • Validate session tokens and JSON Web Tokens (JWTs) on every request. Handle token expiry and revocation gracefully.

Secrets Management

  • Do not hardcode secrets (API keys, credentials, tokens) in code. Use environment variables or secrets management services.
  • Rotate credentials regularly and enforce strong password policies. Use unique secrets for different environments (dev, staging, prod).
  • Monitor for accidental exposure of secrets in logs or error messages.

Dependency Safety

  • Pin dependency versions to avoid unintentional upgrades. Regularly check for known vulnerabilities (e.g. via npm audit, pip-audit, or Snyk).
  • Remove unused dependencies and avoid bringing in untrusted libraries. Prefer maintained and reputable packages.

Sensitive Data Handling

  • Encrypt sensitive data at rest and in transit using industry-standard algorithms. Use TLS for all network communications.
  • Do not log personally identifiable information (PII) or confidential data. Sanitise logs and monitoring outputs.
  • Apply strict access controls to databases and storage. Mask or hash data where possible.

Common Vulnerabilities

  • Protect against cross-site scripting (XSS) by escaping user-supplied content before rendering it in HTML. Use context-aware escaping.
  • Mitigate cross-site request forgery (CSRF) using tokens and same-site cookies. Verify the origin of requests.
  • Prevent server-side request forgery (SSRF) by validating URLs and restricting network access to internal services.
  • Defend against XML external entity (XXE) attacks by disabling external entity resolution when parsing XML; for YAML, use a safe loader that does not instantiate arbitrary objects.

Error Handling

  • Fail securely: handle exceptions gracefully and do not expose internal stack traces or sensitive information to users.
  • Log errors with sufficient context for debugging, but avoid logging secrets or sensitive data.

Security Testing

  • Consider running static and dynamic analysis tools (e.g. linters, SAST, DAST). Address findings promptly.
  • Include security tests or checklists in your CI pipeline. Monitor for new vulnerabilities in dependencies.

Provide concrete recommendations for remediation and align them with the project’s constitution. Security is everyone’s responsibility; integrate these practices throughout the development lifecycle.

Install via CLI
npx skills add https://github.com/jahales/etude-story --skill security
Repository Details

Stars: 0
Forks: 0
Branch: main
Path: SKILL.md