Security defaults that belong in every Express application from day one.
Score: 93. Best practices: 90%. Impact: 99%. Average score across 5 eval scenarios: 6.18x. Status: passed, no known issues.
{
"instruction": "Add a custom error handler that never leaks stack traces or internal details to clients",
"relevant_when": "Agent creates or modifies an Express application, adds routes to an Express app, or sets up an Express project",
"context": "Every Express app must have a custom error handler registered after all routes and routers, because middleware runs in registration order. Without one, Express's default handler writes err.stack into the response body whenever NODE_ENV is not 'production' and only the generic HTML status text in production. Express recognizes error-handling middleware solely by function arity, so the handler must declare all 4 parameters (err, req, res, next) even if next is unused. A secure error handler must: log the full error internally, delegate to next(err) when res.headersSent is already true, and return only a generic error message to the client for 500 errors.",
"sources": [
{
"type": "file",
"filename": "skills/express-security-basics/SKILL.md",
"tile": "tessl-labs/express-security-basics@0.2.0"
}
],
"checklist": [
{
"name": "error-handler-defined",
"rule": "Agent defines a custom error-handling middleware with 4 parameters (err, req, res, next) registered after all routes",
"relevant_when": "Agent creates or modifies an Express application"
},
{
"name": "no-stack-trace-in-response",
"rule": "Agent does not include err.stack, internal file paths, or detailed error internals in the response body sent to clients",
"relevant_when": "Agent creates or modifies an Express application"
}
]
}

Package contents: evals/ (scenario-1, scenario-2, scenario-3, scenario-4, scenario-5), skills/express-security-basics/, verifiers/.