Security Best Practices

The security-best-practices skill provides a framework for AI agents to generate code and configurations that adhere to industry-standard security protocols. It ensures outputs minimize vulnerabilities by integrating defensive coding patterns and risk mitigation strategies directly into the development workflow.

When to use it

• Generating authentication logic or API endpoints that require strict input validation and secure handling of sensitive data.
• Reviewing existing code snippets for potential injection flaws, weak encryption implementations, or hardcoded credentials.
• Creating infrastructure-as-code templates (e.g., Terraform, Kubernetes) that enforce network segmentation and least-privilege access controls.
• Developing error handling routines that prevent information leakage without exposing stack traces to end-users.

Key capabilities

• Enforces secure coding standards across multiple programming languages.
• Identifies and suggests fixes for common vulnerability patterns like SQL injection and XSS.
• Generates configurations that prioritize data integrity and confidentiality.
• Adapts security measures based on the specific context of the application being built.

Example prompts

• "Write a Python function to handle user login that uses secure password hashing and prevents brute-force attacks."
• "Review this Node.js API route for security vulnerabilities and suggest improvements for input sanitization."
• "Generate a Kubernetes deployment manifest that restricts pod network access and disables root privileges."

Tips & gotchas

This skill is designed to augment human expertise, not replace it; always validate generated security code against your specific compliance requirements. While it reduces common risks, complex threat modeling may still require manual review by a dedicated security engineer.