
security-patterns

Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.

Score: 91

Quality: 88% (Does it follow best practices?)

Impact: 95% (1.03x), average score across 3 eval scenarios

Security by Snyk: Passed (no known issues)


Evaluation results

User Profile Management API: 97% (1%)

SQL injection prevention and resource authorization

Criteria                         Without context   With context
Parameterized queries            100%              100%
No f-string SQL                  50%               62%
Input type validation            100%              100%
Input length validation          100%              100%
Input format validation          100%              100%
Resource ownership check         100%              100%
Deny by default                  100%              100%
No trusted raw headers/params    100%              100%
Allowlist validation             100%              100%
Admin bypass check               100%              100%
Security scan documented         100%              100%

Authentication System for a Web Application: 94% (4%)

Secure authentication implementation

Criteria                         Without context   With context
Bcrypt/argon2/scrypt used        100%              100%
Cost factor 12+                  100%              90%
Rate limiting on login           100%              100%
Account lockout                  50%               100%
HttpOnly cookie flag             100%              100%
Secure cookie flag               100%              100%
SameSite cookie flag             100%              100%
No hardcoded secrets             70%               50%
Secrets from env vars            100%              100%
Secrets not logged               75%               100%
Session token quality            100%              100%

Community Discussion Board Web Application: 95% (5%)

Security headers and XSS output encoding

Criteria                         Without context   With context
No innerHTML with user data      100%              100%
Safe DOM insertion               80%               80%
URL parameter encoding           100%              62%
Content-Security-Policy header   100%              100%
X-Content-Type-Options header    100%              100%
X-Frame-Options header           100%              100%
HSTS header                      0%                100%
Referrer-Policy header           100%              100%
Permissions-Policy header        100%              100%
HTML entity encoding             100%              100%
Headers applied globally         100%              100%

Repository: NeverSight/skills_feed
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
