Loading...

web-security

Original：🇺🇸 English

Translated

Enforce web security and avoid security vulnerabilities

2installs

Sourceacademind/ai-config

Added on2026-02-09

NPX Install

npx skill4agent add academind/ai-config web-security

Tags

Translated version includes tags in frontmatter

web-security xss-protection authentication-authorization csp-practices supply-chain-security

SKILL.md Content

View Translation Comparison →

Web Security

We treat web security as a core requirement, not an afterthought. Assume hostile input and untrusted environments by default.

Core Principles

NEVER trust user input
ALWAYS validate and sanitize data at boundaries
Prefer secure defaults over configurability

XSS & Injection

AVOID
```
dangerouslySetInnerHTML
```
and raw HTML injection
Escape and encode dynamic content properly
Never interpolate untrusted data into HTML, CSS, or JS contexts
Ensure SQL injection protection

Authentication & Authorization

Do not store secrets or tokens in insecure locations
AVOID localStorage for sensitive credentials when possible
Use HTTP-only, secure cookies where applicable
Always enforce authorization on the server

Browser Security APIs

Respect CORS, CSP, and browser security boundaries
Use Content Security Policy to restrict script and resource execution
Avoid inline scripts and styles when CSP is enabled

Data Handling

Minimize data exposure
Do not log sensitive information

Dependencies & Supply Chain

Avoid unnecessary packages
Treat third-party code as untrusted input

General Principles

Simplicity reduces attack surface
If unsure, choose the more restrictive option