Security Skill
Instructions
- Validate all input with security-utils.ts
- Sanitize user content with SafeMarkdown or sanitizePlainText
- Rate limit all API endpoints
- Verify auth for protected routes
- Check ownership for write operations
Quick Reference
```typescript
// Input validation
import { validateString, CONTENT_LIMITS } from '@/lib/security-utils'
const result = validateString(input, 'fieldName', { required: true, maxLength: 100 })

// XSS prevention
import SafeMarkdown from '@/components/SafeMarkdown'
<SafeMarkdown>{userContent}</SafeMarkdown>

// Rate limiting
import { checkRateLimit, RATE_LIMIT_CONFIGS } from '@/lib/rate-limiter'
const { allowed } = checkRateLimit(clientId, RATE_LIMIT_CONFIGS.AUTHENTICATED_WRITE)

// Auth
import { verifyAuth } from '@/lib/auth-utils'
const authUser = await verifyAuth(request)
```
For complete validation patterns, file upload security, and OWASP coverage, see reference.md.