---
title: "Security Guidelines"
description: "Before ANY commit: - [ ] No hardcoded secrets (API keys, passwords, tokens) - [ ] All user inputs validated - [ ] SQL injection prevention (parameterized queries) - [ ] XSS prevention (sanitized HTML) - [ ] CSRF protection enabled - [ ] Authentication/authorization verified - [ ] Rate limiting on all endpoints - [ ] Error messages don't leak sensitive data"
type: skill
canonical_url: https://claudary.paisolsolutions.com/skills/security-22
source: "Claudary"
difficulty: intermediate
author: "Claude Code Knowledge Pack"
date: 2026-07-10T11:46:34.954Z
license: CC-BY-4.0
attribution: "Security Guidelines — Claudary (https://claudary.paisolsolutions.com/skills/security-22)"
---

# Security Guidelines
Before ANY commit: - [ ] No hardcoded secrets (API keys, passwords, tokens) - [ ] All user inputs validated - [ ] SQL injection prevention (parameterized queries) - [ ] XSS prevention (sanitized HTML) - [ ] CSRF protection enabled - [ ] Authentication/authorization verified - [ ] Rate limiting on all endpoints - [ ] Error messages don't leak sensitive data

## Overview

---
inclusion: auto
description: Security best practices including mandatory checks, secret management, and security response protocol.
---

# Security Guidelines

## Mandatory Security Checks

Before ANY commit:
- [ ] No hardcoded secrets (API keys, passwords, tokens)
- [ ] All user inputs validated
- [ ] SQL injection prevention (parameterized queries)
- [ ] XSS prevention (sanitized HTML)
- [ ] CSRF protection enabled
- [ ] Authentication/authorization verified
- [ ] Rate limiting on all endpoints
- [ ] Error messages don't leak sensitive data

## Secret Management

- NEVER hardcode secrets in source code
- ALWAYS use environment variables or a secret manager
- Validate that required secrets are present at startup
- Rotate any secrets that may have been exposed

## Security Response Protocol

If security issue found:
1. STOP immediately
2. Use **security-reviewer** agent
3. Fix CRITICAL issues before continuing
4. Rotate any exposed secrets
5. Review entire codebase for similar issues

---

Source: [Claudary](https://claudary.paisolsolutions.com/skills/security-22) · https://claudary.paisolsolutions.com
