security-best-practices
Security Best Practices
Overview
Identify in-scope languages/frameworks, load matching guidance from references/, and apply it to:
- write secure-by-default code,
- flag critical issues during normal work,
- produce a prioritized security report when requested.
Workflow
- Identify all in-scope languages/frameworks (frontend and backend where applicable).
- Load all matching `references/` files:
  - `<language>-<framework>-<stack>-security.md`
  - `<language>-general-<stack>-security.md` when present.
- For full-stack web work, cover both frontend and backend.
- If frontend framework is unspecified, also load `javascript-general-web-frontend-security.md`.
- If no matching references exist, use established best practices; if uncertain, research recent authoritative sources.