Skills

oracle-security

Installation
SKILL.md

oracle-security: Security Architecture & Threat Modeling

When to Use

Auto-invokes when context contains:

  • Authentication, authorization, session management
  • User input, validation, untrusted data
  • External integrations, webhooks, third-party APIs
  • File uploads, data processing
  • Encryption, hashing, secrets, sensitive data
  • Security concerns, vulnerabilities, threats

The Security Mindset

Core Principles

  1. Validate at Boundaries — Every entry point is a trust boundary. Assume everything that crosses it is hostile until proven otherwise.

  2. Never Trust the Client — Client-side validation, hidden fields, and browser headers are UX conveniences, not security controls. The server is the only security boundary that matters.

Installs
7
Repository
martinffx/atelier
GitHub Stars
31
First Seen
May 23, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
oracle-security — martinffx/atelier