AgentSkillsCN

security-practices

安全实践,包括密钥管理、输入验证、SSRF防护和生产加固。用于对安全性敏感的代码。

SKILL.md
--- frontmatter
name: security-practices
description: Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

security-practices

Quick Start

  1. All secrets in environment variables (never in config files)
  2. Validate inputs at system boundaries
  3. Sanitize error responses (no stack traces in production)
  4. Use HTTPS for all external connections

Key Principles

  • Environment variables for all secrets
  • SSRF prevention (block internal IP ranges)
  • Development vs Production mode separation
  • Rigorous input validation

References

See rules.md for complete conventions.