Agent Skills: Web Security

Enforce web security and avoid security vulnerabilities

Category: Uncategorized
ID: academind/ai-config/web-security

Install this agent skill locally:

pnpm dlx add-skill https://github.com/academind/ai-config/tree/HEAD/skills/web-security

Skill Files


skills/web-security/SKILL.md

Skill Metadata

Name
web-security
Description
Enforce web security and avoid security vulnerabilities

Web Security

We treat web security as a core requirement, not an afterthought. Assume hostile input and untrusted environments by default.

Core Principles

  • NEVER trust user input
  • ALWAYS validate and sanitize data at boundaries
  • Prefer secure defaults over configurability
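
The "validate at boundaries" principle in practice, as an added example (not part of the academind skill): a strict validator for an untrusted JSON body. Field names, limits and the username pattern are assumptions for illustration. Unknown keys are rejected rather than ignored, so a client cannot smuggle in fields such as `isAdmin`, and the result is a freshly built object so code further in never touches the raw input.

```javascript
// Added example: allowlist validation of an untrusted request body at the API boundary.
// Field names and limits are assumptions; adapt them to the real schema.

const USERNAME_RE = /^[a-z0-9_]{3,32}$/;
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;   // deliberately simple; real check is a verification mail
const ALLOWED_KEYS = new Set(['username', 'email', 'displayName']);

function validateSignup(body) {
  const errors = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  // Reject anything not explicitly allowed. This also catches mass-assignment
  // attempts (role, isAdmin) and odd keys such as "__proto__" from JSON.parse.
  for (const key of Object.keys(body)) {
    if (!ALLOWED_KEYS.has(key)) errors.push(`unexpected field: ${key}`);
  }
  const { username, email, displayName } = body;
  if (typeof username !== 'string' || !USERNAME_RE.test(username)) {
    errors.push('username must be 3-32 chars of [a-z0-9_]');
  }
  if (typeof email !== 'string' || email.length > 254 || !EMAIL_RE.test(email)) {
    errors.push('email is invalid');
  }
  let cleanName = '';
  if (displayName !== undefined) {
    if (typeof displayName !== 'string' || displayName.length > 64) {
      errors.push('displayName must be a string of at most 64 chars');
    } else {
      // Strip control characters but keep other Unicode: names are not ASCII-only.
      cleanName = displayName.replace(/[\u0000-\u001f\u007f]/g, '').trim();
    }
  }
  if (errors.length > 0) return { ok: false, errors };
  // Return a new object built only from validated, normalized values.
  return { ok: true, value: { username, email: email.toLowerCase(), displayName: cleanName } };
}
```

Call `validateSignup(JSON.parse(rawBody))` in the handler and return a 400 with `errors` when `ok` is false; everything downstream works with `value`, never with the parsed body.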

XSS & Injection

  • AVOID dangerouslySetInnerHTML, innerHTML and other raw HTML injection; if HTML must be rendered, sanitize it with an allowlist first
  • Escape and encode dynamic content for the context it is rendered into (HTML text, attribute, URL, script)
  • Never interpolate untrusted data into HTML, CSS, or JS contexts
  • Use parameterized queries or prepared statements for SQL; never build a query by concatenating untrusted data
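
Context-aware encoding and parameterized SQL side by side, as an added example (not code from the academind skill). The `{ text, values }` query shape is the one node-postgres accepts; the unsafe variant is kept only to show what the injection payload does to the query text. All functions are pure, so the block runs without a database or browser.

```javascript
// Added example: encode untrusted data for the context it lands in, and keep SQL
// parameters out of the query string.

// HTML text and attribute-value context (attribute values must be double-quoted).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript context: data embedded in an inline <script>. JSON.stringify alone is
// not enough: "</script>" inside a string closes the tag, and U+2028/U+2029 are
// line terminators in older engines.
function toJsLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Server-rendered fragment: every interpolation goes through the encoder for its context.
function renderProfile(user) {
  return [
    `<h1>${escapeHtml(user.name)}</h1>`,
    `<a href="/u/${encodeURIComponent(user.id)}" title="${escapeHtml(user.bio)}">profile</a>`,
    `<script>window.__USER__ = ${toJsLiteral({ id: user.id, name: user.name })};</script>`,
  ].join('\n');
}

// DOM side: textContent never parses markup; innerHTML / dangerouslySetInnerHTML does.
function setGreeting(el, name) {
  el.textContent = `Hello, ${name}`;
}

// SQL: the query text is a constant; user data travels separately as a parameter.
function findUserQuery(email) {
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [email] };
}

// The anti-pattern, kept only for comparison: the payload becomes part of the SQL.
function findUserQueryUnsafe(email) {
  return { text: `SELECT id, email FROM users WHERE email = '${email}'`, values: [] };
}
```

Feed `findUserQuery("' OR '1'='1")` to `pool.query(...)` and the database sees one string literal; feed the unsafe version and the `OR '1'='1'` becomes part of the `WHERE` clause.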

Authentication & Authorization

  • Do not store secrets or tokens where untrusted code can read them (client-side bundles, public repositories, logs)
  • AVOID localStorage for sensitive credentials: any script running on the origin can read it, so a single XSS bug exposes every token
  • Use HttpOnly, Secure cookies with an explicit SameSite attribute for session tokens
  • Always enforce authorization on the server; client-side checks are a UX hint, not a control
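
The session-cookie attributes and a server-side authorization decision, as an added example that is not part of the academind skill. The session, user and document stores are constructed in-memory maps standing in for a database; cookie name and route semantics are assumptions. The point of `canDeleteDocument` is that every fact it uses comes from server state resolved from the session cookie, never from a role or user id supplied in the request.

```javascript
// Added example: session cookie attributes and a server-side authorization check.
// Stores below are constructed sample data, not a real backend.

function sessionCookie(name, value, { maxAgeSeconds = 3600, path = '/' } = {}) {
  // With a __Host- prefixed name the browser refuses the cookie unless it is
  // Secure, has Path=/ and no Domain attribute, so it cannot be set by subdomains.
  return [
    `${name}=${encodeURIComponent(value)}`,
    `Path=${path}`,
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',      // invisible to document.cookie, so XSS cannot read it
    'Secure',        // sent only over TLS
    'SameSite=Lax',  // not attached to cross-site POSTs: CSRF defence-in-depth
  ].join('; ');
}

function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Constructed server-side state.
const SESSIONS = new Map([['s-1', { userId: 'u-1' }], ['s-2', { userId: 'u-2' }], ['s-3', { userId: 'u-3' }]]);
const USERS = new Map([['u-1', { role: 'user' }], ['u-2', { role: 'admin' }], ['u-3', { role: 'user' }]]);
const DOCUMENTS = new Map([['d-1', { ownerId: 'u-1' }]]);

// Decide whether the caller may delete docId. Only server-side state is consulted:
// a role in the body, a query string or a second cookie is attacker-controlled.
function canDeleteDocument(req, docId) {
  const cookies = parseCookies(req.headers.cookie);
  const session = SESSIONS.get(cookies['__Host-session']);
  if (!session) return { allowed: false, status: 401 };
  const user = USERS.get(session.userId);
  const doc = DOCUMENTS.get(docId);
  // Returning 404 for "exists but forbidden" as well would avoid confirming existence;
  // kept distinct here so the test can tell the two apart.
  if (!doc) return { allowed: false, status: 404 };
  if (doc.ownerId === session.userId || user.role === 'admin') return { allowed: true, status: 200 };
  return { allowed: false, status: 403 };
}
```

Set the cookie with `res.setHeader('Set-Cookie', sessionCookie('__Host-session', id))` after login; on every mutating route call `canDeleteDocument` (or its sibling for the resource) before touching data.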

Browser Security APIs

  • Respect CORS, CSP, and the same-origin policy; never reflect an arbitrary Origin header together with credentials
  • Use Content Security Policy to restrict which scripts and resources may load and execute
  • Avoid inline scripts and styles: a CSP without 'unsafe-inline' blocks them, so use per-response nonces or hashes for the few that are unavoidable

Data Handling

  • Minimize data exposure: return only the fields a client actually needs, built from an allowlist rather than by deleting from a full record
  • Do not log sensitive information (credentials, tokens, session cookies, personal data)
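
Both bullets as an added example that is not part of the academind skill: a log redactor that masks values under sensitive key names and bearer tokens inside free text, and an allowlist "view" for outgoing user objects. The key-name pattern and the user fields are assumptions; extend them for your own schema.

```javascript
// Added example: redact sensitive fields before logging, and build responses from an allowlist.
// SENSITIVE_KEYS and the user field names are assumptions for illustration.

const SENSITIVE_KEYS = /^(password|passwd|secret|token|access_token|refresh_token|authorization|cookie|set-cookie|api[-_]?key|ssn|card(number)?)$/i;
const BEARER_RE = /\b(Bearer)\s+[A-Za-z0-9._~+\/=-]+/g;

// Returns a deep copy of `value` with sensitive keys replaced and bearer tokens
// in strings masked. The depth limit stops runaway recursion on cyclic objects.
function redactForLog(value, depth = 0) {
  if (depth > 8) return '[depth-limit]';
  if (typeof value === 'string') return value.replace(BEARER_RE, '$1 [REDACTED]');
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.test(k) ? '[REDACTED]' : redactForLog(v, depth + 1);
    }
    return out;
  }
  return value;   // numbers, booleans, null, undefined
}

// Minimization: the outgoing object is built from an allowlist, so a column added
// to the users table later (a password hash, an internal flag) never leaks by default.
function publicUserView(row) {
  return { id: row.id, displayName: row.displayName, avatarUrl: row.avatarUrl ?? null };
}
```

Wire `redactForLog` in as the serializer for request/response logging rather than calling it ad hoc, so the safe path is the default one.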

Dependencies & Supply Chain

  • Avoid unnecessary packages; every dependency adds code you did not review and maintainers you must trust
  • Treat third-party code as untrusted input: pin versions, commit a lockfile with integrity hashes, and review anything that runs install scripts
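
A read-only lockfile audit as an added example (not from the academind skill). It walks the `packages` map of an npm lockfile (the v2/v3 shape) and flags entries with no integrity hash, entries resolved from somewhere other than the public registry, and entries that run install scripts. The lockfile in the block is constructed; the package names and hashes are not real.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3) for supply-chain red flags.
// SAMPLE_LOCK is constructed test data, not a real project's lockfile.

const REGISTRY = 'https://registry.npmjs.org/';

function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages ?? {})) {
    if (path === '') continue;   // the root project entry
    if (pkg.link) continue;      // workspace symlink, not a fetched package
    if (!pkg.resolved) {
      findings.push({ path, issue: 'no resolved URL' });
      continue;
    }
    if (!pkg.integrity) findings.push({ path, issue: 'missing integrity hash' });
    if (!pkg.resolved.startsWith(REGISTRY)) {
      findings.push({ path, issue: `non-registry source: ${pkg.resolved}` });
    }
    if (pkg.hasInstallScript) findings.push({ path, issue: 'runs install scripts' });
  }
  return findings;
}

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
      integrity: 'sha512-constructed-placeholder',
    },
    'node_modules/weird-lib': {
      version: '0.1.0',
      resolved: 'git+ssh://git@github.com/someone/weird-lib.git#abc123',
    },
    'node_modules/native-thing': {
      version: '2.0.0',
      resolved: 'https://registry.npmjs.org/native-thing/-/native-thing-2.0.0.tgz',
      integrity: 'sha512-constructed-placeholder',
      hasInstallScript: true,
    },
  },
};
```

Run it against `JSON.parse(fs.readFileSync('package-lock.json'))` in CI and fail the build on findings you have not explicitly accepted; pair it with `npm ci --ignore-scripts` so nothing executes at install time unless you have opted in.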

General Principles

  • Simplicity reduces attack surface
  • If unsure, choose the more restrictive option