Agent-Skills.md

Agent Skills: Input Validation

Input Validation security skill

UncategorizedID: mgreenly/ikigai/security/input-validation

Author

mgreenly

https://github.com/mgreenly View all skills

Repository

mgreenly/ikigai

mgreenlyLicense: MIT-0

1

Install this agent skill to your local

pnpm dlx add-skill https://github.com/mgreenly/ikigai/tree/HEAD/.claude/library/security/input-validation

Skill Files

Browse the full folder contents for security/input-validation.

Loading file tree…

.claude/library/security/input-validation/SKILL.md

Skill Metadata

Name: security/input-validation
Description: Input Validation security skill

Input Validation

All external data is hostile. Validate exhaustively at trust boundaries, reject by default.

ikigai Application

Trust boundaries in ikigai:

Terminal input (keystrokes, escape sequences)
Config files (JSON, paths)
LLM responses (streaming chunks)
Environment variables

Injection vectors:

Command injection: Never pass user strings to system() or popen()
Path traversal: Reject .., canonicalize paths before use
Format string: Never printf(user_input), always printf("%s", user_input)
Null byte: Truncates C strings, bypasses extension checks

Validation principles:

Allowlist over blocklist
Validate type, length, format, range
Reject on first failure
Sanitize for context (shell, SQL, HTML, ANSI)

After validation: Internal functions can assert() preconditions. The boundary function already validated.

Review red flags: User data in format strings, string concatenation for paths/commands, unchecked lengths.