All skills
Skillintermediate
Security Guidelines
Before ANY commit: - [ ] No hardcoded secrets (API keys, passwords, tokens) - [ ] All user inputs validated - [ ] SQL injection prevention (parameterized queries) - [ ] XSS prevention (sanitized HTML) - [ ] CSRF protection enabled - [ ] Authentication/authorization verified - [ ] Rate limiting on all endpoints - [ ] Error messages don't leak sensitive data
Claude Code Knowledge Pack7/10/2026
Overview
Security Guidelines
Mandatory Security Checks
Before ANY commit:
- No hardcoded secrets (API keys, passwords, tokens)
- All user inputs validated
- SQL injection prevention (parameterized queries)
- XSS prevention (sanitized HTML)
- CSRF protection enabled
- Authentication/authorization verified
- Rate limiting on all endpoints
- Error messages don't leak sensitive data
Secret Management
- NEVER hardcode secrets in source code
- ALWAYS use environment variables or a secret manager
- Validate that required secrets are present at startup
- Rotate any secrets that may have been exposed
Security Response Protocol
If security issue found:
- STOP immediately
- Use security-reviewer agent
- Fix CRITICAL issues before continuing
- Rotate any exposed secrets
- Review entire codebase for similar issues