AgentSkillsCN

Security Patterns

Security Protection Patterns

SKILL.md

Security Patterns Skill

Overview

This skill teaches security best practices for Python development, including vulnerability prevention and secure coding patterns.

Principles

  • Never Trust User Input: Always validate and sanitize it before use
  • Defense in Depth: Rely on multiple layers of security, not a single control
  • Principle of Least Privilege: Grant only the minimal access required
  • Security by Design: Build security in from the start rather than adding it later

Key Capabilities

1. Common Vulnerabilities

  • SQL injection prevention
  • XSS (Cross-Site Scripting) prevention
  • CSRF (Cross-Site Request Forgery) protection
  • Input validation and sanitization
  • Authentication and authorization

2. Secure Coding

  • Password handling (bcrypt)
  • Cryptographic operations
  • Secure random generation
  • Secrets management

3. Security Auditing

  • bandit (static security linter for Python code)
  • safety (checks dependencies against a known-vulnerability database)
  • pip-audit (audits installed packages for known vulnerabilities)

When to Use This Skill

Load this skill when:

  • Reviewing code for security vulnerabilities
  • Implementing secure authentication
  • Adding input validation
  • Securing file handling
  • Auditing dependencies

Sections

  • common-vulnerabilities.md: SQL injection, XSS, CSRF
  • secure-coding.md: Password handling, cryptography
  • input-validation.md: Validation and sanitization
  • security-auditing.md: bandit, safety, pip-audit