missing-authentication-anti-pattern
Installation
SKILL.md
Missing Authentication Anti-Pattern
Severity: Critical
Summary
Missing or broken authentication occurs when applications fail to verify user identity, allowing unauthorized access to protected data and functionality. This manifests as unprotected endpoints, missing session checks, or weak credential verification vulnerable to bypass or brute-force. AI-generated code frequently produces insecure boilerplate with stubbed or missing authentication checks.
The Anti-Pattern
Never create endpoints accessing sensitive data or functionality without verifying user identity and validating active sessions.
BAD Code Example
# VULNERABLE: Critical API endpoint without authentication check
from flask import request, jsonify
from db import User, session