security-fundamentals

Installation
SKILL.md

Concept of the skill

What it is: Security fundamentals are the design principles and threat-modeling habits that decide whether a system can safely handle data, identity, and authority under adversarial conditions.

Mental model: Start with assets, adversaries, trust boundaries, and privileged actions. Every mitigation should be traceable to what crosses a boundary, who controls each side, what can go wrong, and how much damage remains if the boundary fails.

Why it exists: Security added after the system works is expensive and incomplete. Designing security in early makes attacks harder, slower, easier to detect, and smaller in blast radius.

What it is NOT: It is not an OWASP deep audit, LLM prompt-injection architecture, vendor webhook mechanics, scanner configuration, cryptographic primitive implementation, or legal compliance workflow.

Adjacent concepts: owasp-security owns category-specific application-security review; prompt-injection-defense owns LLM instruction-channel threats; type-safety carries validated values after boundary parsing; api-design and http-semantics shape public interfaces; webhook-integration owns vendor webhook mechanics.

One-line analogy: Security fundamentals are like structural engineering for software: load-bearing decisions must be in the design before people move in.

Common misconception: A pile of controls is not the same as a security argument; controls matter only when they are placed at the right trust boundaries and fail safely.

Security Fundamentals

Coverage

Installs
3
First Seen
May 18, 2026
security-fundamentals — jacob-balslev/skills