AgentSkillsCN

web-security

遵循 OWASP Top 10 安全标准,配置安全头信息、内容安全策略(CSP)、防范 XSS 攻击以及漏洞防护措施。

SKILL.md
--- frontmatter
name: web-security
description: OWASP Top 10, security headers, CSP, XSS prevention, and vulnerability prevention.
allowed-tools: Read, Write, Edit, Bash, Glob, Grep

Web Security Skill

Expert assistance for web application security.

Capabilities

  • Implement security headers
  • Configure CSP
  • Prevent XSS/CSRF
  • Secure authentication
  • Handle sensitive data

Security Headers

typescript
// Next.js
const securityHeaders = [
  { key: 'X-DNS-Prefetch-Control', value: 'on' },
  { key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubDomains' },
  { key: 'X-XSS-Protection', value: '1; mode=block' },
  { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'Referrer-Policy', value: 'origin-when-cross-origin' },
];

Target Processes

  • security-audit
  • security-implementation
  • owasp-compliance