
backend-security-coder

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

60
1.43x

Quality: 43% (Does it follow best practices?)
Impact: 86% (1.43x), average score across 3 eval scenarios

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/backend-security-coder/SKILL.md

Evaluation results

Shipment Tracking API Endpoint (95% · 53%)
JWT API security with input validation

Criteria                                   Without context   With context
Allowlist input validation                 70%               100%
Parameterized queries                      100%              100%
No sensitive data in errors                62%               100%
X-Content-Type-Options header              0%                100%
X-Frame-Options or CSP frame-ancestors     0%                100%
HSTS header                                0%                100%
Rate limiting                              0%                100%
JWT expiration validated                   100%              100%
JWT signature verified                     100%              100%
Audit logging                              0%                100%
Fail securely on auth failure              100%              100%
Payload size or content-type validation    0%                37%

Without context: $0.5440 · 2m 5s · 19 turns · 68 in / 8,717 out tokens
With context: $0.8212 · 3m 10s · 29 turns · 865 in / 11,995 out tokens

User Authentication System for HealthTrack Portal (91% · 9%)
Cookie auth with CSRF and password hashing

Criteria                                   Without context   With context
bcrypt or Argon2 hashing                   100%              100%
Per-password unique salt                   100%              100%
Cookie HttpOnly attribute                  100%              100%
Cookie Secure attribute                    62%               100%
Cookie SameSite attribute                  100%              100%
CSRF token generated                       100%              100%
CSRF token validated on state changes      100%              100%
Origin or Referer header validation        0%                50%
Session invalidated on logout              37%               50%
Passwords and tokens not logged            100%              100%
No hardcoded secrets                       100%              100%

Without context: $0.5416 · 2m 6s · 23 turns · 72 in / 7,543 out tokens
With context: $0.8702 · 3m 44s · 27 turns · 75 in / 14,123 out tokens

Webhook Event Delivery Service (74% · 18%)
SSRF prevention and external request security

Criteria                                   Without context   With context
Domain or URL allowlist                    0%                0%
Internal IP range blocking                 100%              100%
HTTPS-only protocol                        0%                40%
Request timeout configured                 100%              100%
Response size limit                        0%                25%
Redirect safety                            0%                100%
SSL certificate verification enabled       100%              100%
No internal details in error responses     37%               50%
Log sanitization                           100%              100%
URL parsed and validated before request    100%              100%
Tests cover malicious URLs                 100%              100%

Without context: $0.6301 · 2m 14s · 22 turns · 23 in / 9,509 out tokens
With context: $1.7089 · 6m 41s · 40 turns · 88 in / 27,518 out tokens

Repository: sickn33/antigravity-awesome-skills
Evaluated with agent: Claude Code
Model: Claude Sonnet 4.6
