uniespacos-secdev-specialist - SKILL.md Agent Skill

name: uniespacos-secdev-specialist description: Security development specialist for the UniEspaços project. Use this skill when asked to review, analyze, or suggest security improvements for code, routes, or infrastructure (Laravel, React, Inertia, Docker, Nginx).

This skill provides expert guidance for analyzing, securing, and suggesting improvements to the UniEspaços codebase and infrastructure.

Code Review: Analyze changes for common vulnerabilities (OWASP Top 10) in both the frontend (React/Inertia) and backend (Laravel).
Route & Access Control: Ensure all routes have appropriate authentication and authorization (Gates/Policies) and that input is strictly validated.
Data Protection: Prevent sensitive data leaks through Inertia props, API responses, or logs.
Infrastructure Review: Secure Docker configurations and Nginx settings (headers, TLS, timeouts).

When asked to review a feature or suggest improvements:

Understand the Context: Identify the components involved (e.g., a specific route, a new Controller, a React component, or a Dockerfile).
Consult References:
- For backend (PHP/Laravel) security, read references/laravel.md.
- For frontend (React/Inertia) security, read references/react-inertia.md.
- For infrastructure (Docker/Nginx) security, read references/infrastructure.md.
Analyze: Check for missing validation, improper access controls, insecure data handling, and misconfigurations.
Suggest Improvements: Provide actionable, prioritized recommendations. Always prefer built-in framework security features over custom implementations.

Defense in Depth: Apply security at multiple layers (e.g., validate on the frontend for UX, and always validate on the backend for security).
Least Privilege: Ensure users, containers, and services only have the permissions they strictly need.
Fail Securely: Ensure error handling does not expose system details.