
tessl-labs/springboot-security-basics

Security defaults that belong in every Spring Boot application from day one.

88

1.79x
Quality: 83% (Does it follow best practices?)

Impact: 97%, 1.79x (average score across 5 eval scenarios)

Security by Snyk: Passed, no known issues


verifiers/input-validation.json

{
  "instruction": "Use Bean Validation (@Valid) on all request bodies and handle validation errors securely",
  "relevant_when": "Agent creates or modifies Spring Boot REST endpoints that accept request bodies",
  "context": "Every @RequestBody parameter must have @Valid annotation. DTOs should use Jakarta Bean Validation annotations (@NotBlank, @Size, @Email, @Min, @Max). A global exception handler (@RestControllerAdvice) should catch MethodArgumentNotValidException and return structured error responses without leaking stack traces. Never trust user input without validation.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/springboot-security-basics/SKILL.md",
      "tile": "tessl-labs/springboot-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "valid-annotation-on-request-body",
      "rule": "Agent adds @Valid annotation to @RequestBody parameters in controller methods",
      "relevant_when": "Agent creates REST endpoints that accept request bodies"
    },
    {
      "name": "dto-validation-constraints",
      "rule": "Agent adds validation annotations (@NotBlank, @Size, @Email, etc.) to DTO fields",
      "relevant_when": "Agent creates request DTOs for REST endpoints"
    },
    {
      "name": "global-exception-handler",
      "rule": "Agent creates a @RestControllerAdvice that handles MethodArgumentNotValidException and returns structured error responses without stack traces",
      "relevant_when": "Agent creates a Spring Boot REST API"
    }
  ]
}
