csrf-protection-validator

Csrf Protection Validator - Auto-activating skill for Security Fundamentals. Triggers on: csrf protection validator, csrf protection validator Part of the Security Fundamentals skill category.

0.96x

Quality

Does it follow best practices?

Impact

95%

0.96x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/csrf-protection-validator/SKILL.md

Evaluation results

89%

-9%

Secure a Node.js Web Application Against Cross-Site Request Forgery

CSRF token implementation in Express.js

Criteria

Without context

With context

CSRF middleware used

100%

Token generated per-request

100%

Token embedded in form

100%

Server-side token validation

100%

Session dependency satisfied

100%

Production-ready config

80%

70%

Error handling present

100%

20%

OWASP alignment noted

100%

Approach documented

100%

No sensitive state in URL

100%

Without context: $0.5013 · 2m 11s · 27 turns · 28 in / 7,142 out tokens

With context: $0.6987 · 2m 30s · 35 turns · 33 in / 8,413 out tokens

100%

Audit a Web Application for CSRF Vulnerabilities

CSRF vulnerability audit and remediation

Criteria

Without context

With context

/transfer identified

100%

/update-email identified

100%

/delete-account evaluated

100%

Referer bypass explained

100%

Standard referenced

100%

CSRF tokens in remediation

100%

All state-changing routes protected

100%

GET-only route not over-protected

100%

Production-ready approach

100%

Changes documented

100%

Structured audit report

100%

Without context: $0.3921 · 2m 8s · 17 turns · 15 in / 7,510 out tokens

With context: $0.5101 · 2m 11s · 25 turns · 26 in / 7,413 out tokens

96%

Build a CSRF Protection Validator Script

CSRF protection validation and OWASP compliance

Criteria

Without context

With context

Validator script exists

100%

Forged request simulation

100%

PASS/FAIL determination

100%

JSON results file

100%

Protected endpoint marked PASS

100%

Unprotected endpoint marked FAIL

100%

Configurable endpoints

50%

Standard referenced in notes

100%

Step-by-step approach documented

100%

No large downloaded files

100%

Production-quality code

100%

Without context: $0.4472 · 2m 1s · 22 turns · 23 in / 7,202 out tokens

With context: $0.5580 · 2m 14s · 27 turns · 59 in / 7,843 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 994edc4

Evaluated: 18 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Secure a Node.js Web Application Against Cross-Site Request Forgery Audit a Web Application for CSRF Vulnerabilities Build a CSRF Protection Validator Script

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.