security_audit
Security Audit Protocol
1. Critical "Guard" Files
WARNING: The following files are OFF-LIMITS for modification without explicit user approval.
- `scripts/ai-diff-gate.ts`
- `.github/workflows/**`
- Any file with `mid`, `law` or `policy` in the name.
2. Database Security (Supabase)
- RLS (Row Level Security):
  - EVERY table must have RLS enabled.
  - Policies must explicitly define `USING` and `WITH CHECK` clauses.
  - NEVER use the `service_role` key in frontend client code.
- SQL Injection:
  - Use parameterized queries or ORM methods (Supabase JS client) only.
  - Avoid raw SQL string concatenation.
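The following SQL is an added example, not part of this skill file or the maihouses project, showing what the two rules above look like on a Supabase (Postgres) table: RLS enabled, every policy carrying an explicit USING and/or WITH CHECK clause, and a server-side function that builds dynamic SQL with a bound parameter instead of string concatenation. The table `public.notes`, its columns, and the function `search_notes` are hypothetical names chosen for the example. It relies only on Supabase's built-in `auth.uid()`.

```sql
-- Added example (not the skill file's own code). Table/column/function names are hypothetical.

-- Hypothetical table: each row belongs to exactly one authenticated user.
create table if not exists public.notes (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null default auth.uid(),
  body       text not null,
  created_at timestamptz not null default now()
);

-- 1. RLS must be enabled on EVERY table. Without this statement the policies
--    below are never evaluated, and any holder of the anon key can read and
--    write every row through the REST API.
alter table public.notes enable row level security;
-- FORCE applies RLS to the table owner as well (defence in depth).
alter table public.notes force row level security;

-- 2. Each policy states both halves explicitly:
--    USING      -> which existing rows the role may see or touch
--    WITH CHECK -> which new or rewritten rows the role may persist
create policy "notes: owner can read"
  on public.notes for select
  to authenticated
  using (owner_id = auth.uid());

create policy "notes: owner can insert"
  on public.notes for insert
  to authenticated
  with check (owner_id = auth.uid());

create policy "notes: owner can update"
  on public.notes for update
  to authenticated
  using (owner_id = auth.uid())        -- may only target their own rows
  with check (owner_id = auth.uid());  -- and may not hand them to another user

create policy "notes: owner can delete"
  on public.notes for delete
  to authenticated
  using (owner_id = auth.uid());

-- 3. When dynamic SQL is unavoidable (e.g. behind supabase.rpc('search_notes', {...})),
--    bind the user-supplied value with USING rather than splicing it into the text.
--    SECURITY INVOKER keeps the caller's role, so the RLS policies above still apply.
create or replace function public.search_notes(term text)
returns setof public.notes
language plpgsql
security invoker
as $$
begin
  -- VULNERABLE pattern (shown only as a comment, never run):
  --   execute 'select * from public.notes where body ilike ''%' || term || '%''';
  -- SAFE: $1 is a bound parameter, so its contents are never parsed as SQL.
  return query execute
    'select * from public.notes where body ilike ''%'' || $1 || ''%'''
    using term;
end;
$$;
```

The policies only protect requests made with the anon or a user's JWT; the `service_role` key bypasses RLS entirely, which is why the protocol forbids it in frontend code. Keep that key on the server, and verify the setup by querying the table as a signed-in user and confirming that rows owned by other users are not returned.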
Related skills
More from cityfish91159/maihouses
- agentic_architecture: Enforces high-level architectural thinking, separation of concerns, and scalability checks before coding.
- code-review-excellence: Best-practice guide for code review. Use when performing a PR review or code review, or when the user mentions "review" or "審查".
- nasa_typescript_safety: Adapts NASA's "Power of 10" safety rules for high-reliability TypeScript code.
- frontend_mastery: Advanced React patterns, performance optimization, and state management rules.
- code-simplifier
- type-checker: Runs TypeScript type checking and fixes type errors. Use when type errors occur, type definitions are needed, or the user mentions "type" or "類型".