input-sanitisation
Input Sanitisation - Injection Prevention Patterns
Defence-in-depth patterns for preventing injection attacks across the full stack. Complements the data-validation skill (which checks shape and type) by ensuring each value is encoded or constrained for its destination context (HTML, SQL, shell, URL): a value that is safe for one context is not thereby safe for another.
Description
Covers XSS, SQL injection, command injection, open redirect, and SSRF prevention patterns for the Next.js frontend and FastAPI backend. Enforces context-specific output encoding, parameterised queries, and subprocess calls built from argument lists rather than shell strings, aligned with OWASP Top 10 guidance.
When to Apply
Positive Triggers
- Rendering user-generated content in HTML
- Constructing database queries with user input
- Building shell commands or subprocess calls
- Handling URL parameters or redirect targets
- Reviewing code for OWASP Top 10 vulnerabilities
- User mentions: "XSS", "injection", "sanitise", "security", "escape", "OWASP"
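The following is an added example for the FastAPI side, not code from the cleanexpo/nodejs-starter-v1 skill or from this page. It shows one helper per destination context named in the description and the triggers above: HTML output encoding, a parameterised query beside its deliberately vulnerable form, an argv-list subprocess call, redirect-target validation and an outbound-URL (SSRF) check. It uses only the Python standard library so it runs without FastAPI; function names, the `example.com` allowlist and all sample inputs are constructed for the demo.

```python
"""Per-sink sanitisation helpers for a FastAPI-style backend (added example;
standard library only so it runs without FastAPI). Each function encodes or
constrains data for exactly one destination context. Function names, the
allowlisted host and every sample input below are constructed for the demo."""
import html
import ipaddress
import sqlite3
import subprocess
import sys
from urllib.parse import urlsplit


# --- HTML context: encode at the output sink, not on input ----------------
def render_comment(author: str, body: str) -> str:
    # quote=True also encodes ' and " so the value is safe inside an attribute,
    # not only inside a text node.
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f"{html.escape(body)}</div>")


# --- SQL context: bind parameters, never interpolate ----------------------
def demo_db() -> sqlite3.Connection:
    # Constructed in-memory table so the two query forms can be compared.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_users_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Deliberately vulnerable 'before' form: the input becomes SQL text.
    return conn.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()


def find_users(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: the driver sends the value separately from the statement,
    # so quotes in `name` cannot alter its structure.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# --- Shell context: argv list, no shell=True ------------------------------
def echo_via_subprocess(user_arg: str) -> str:
    # The child is Python itself so this runs on any OS. With an argv list and
    # no shell, ';', '$(...)' and '|' are plain characters in one argument.
    res = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", user_arg],
        capture_output=True, text=True, check=True)
    return res.stdout.rstrip("\r\n")


# --- Redirect context: local path or allowlisted host, else '/' -----------
def safe_redirect_target(next_url: str, allowed_hosts=("example.com",)) -> str:
    norm = next_url.replace("\\", "/")  # browsers treat '\' as '/' in URLs
    parts = urlsplit(norm)
    if (not parts.scheme and not parts.netloc
            and norm.startswith("/") and not norm.startswith("//")):
        return norm  # relative path on our own origin
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return norm  # .hostname ignores userinfo, so 'example.com@evil.com' fails
    return "/"  # covers javascript:, data:, protocol-relative '//evil.com'


# --- Outbound-request context (SSRF): scheme and address-class check -------
def outbound_url_allowed(url: str) -> bool:
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    if host == "localhost" or host.endswith(".internal"):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name (or an odd literal such as 0x7f000001) is not decided here:
        # resolve it and re-check the resulting address at connect time, since
        # this pre-check alone does not stop DNS rebinding.
        return True
    return addr.is_global  # rejects loopback, RFC 1918, link-local 169.254/16, ::1


if __name__ == "__main__":
    conn = demo_db()
    probe = "' OR '1'='1"
    print("unsafe rows:", len(find_users_unsafe(conn, probe)),
          "parameterised rows:", len(find_users(conn, probe)))
    print(render_comment('"><script>', "<b>hi</b>"))
    print(echo_via_subprocess("a; echo pwned $(id)"))
    print(safe_redirect_target("//evil.com/"), safe_redirect_target("/account"))
    print(outbound_url_allowed("http://169.254.169.254/latest/meta-data/"))
```

The redirect and SSRF helpers are allowlists, not blocklists: anything not positively recognised as a local path, an allowlisted host, or a public address falls through to the safe default. The SSRF check is one layer; the resolved address must still be checked at connection time.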
Related skills
More from cleanexpo/nodejs-starter-v1
- council-of-logic
- dashboard-patterns
- scientific-luxury
- execution-guardian
- xaem-theme-ui
- genesis-orchestrator: Autonomous project orchestration protocol for Next.js full-stack builds. Triggers on "build", "implement", "create feature", "plan", "architecture", or when starting new phases. Enforces phase-locked execution, token economy, and sectional verification gates.