Security
This skill adds security-specific guidance.
Default Stance
- prioritize realistic attacker goals, attacker-controlled input, and concrete impact
- ground claims in actual code, entrypoints, data flows, trust boundaries, and deployment shape
- research the broader repo before reporting a vulnerability; do not flag pattern matches in isolation
- report high-confidence exploit paths first and separate them from lower-confidence follow-up checks
- prefer secure defaults that do not silently break intended behavior; call out meaningful tradeoffs
- separate runtime risk from CI/build/dev/test-only concerns
Use This Skill For
- security reviews, vulnerability audits, OWASP-style review requests, and secure-by-default coding help
- high-risk changes where the main question is whether a boundary is secure: authz, untrusted input, external fetches, uploads, secrets handling, sensitive data, or tenant isolation
- threat modeling a repo, service, or path
More from n-n-code/n-n-code-skills
project-vendor-boundary
Overlay for app-owned versus vendored dependency boundaries. Portable across repos that vendor third-party code. Use when work touches vendored dependencies or their integration seam.
coding-guidance-cpp
C++ implementation and review skill. Use when writing, modifying, refactoring, or reviewing C++ code, especially modern C++17/20/23 code that needs strong ownership, type safety, and testable design. Portable across C++ repos and build systems.
project-platform-diagnose
Overlay for environment-sensitive diagnosis — service startup, install issues, platform integration, headless/container behavior, and runtime smoke checks. Portable across repos where build, install, or runtime behavior depends on the local platform.
documenter
Baseline overlay for substantial documentation authoring or restructuring: README, specs, ADRs, tutorials, how-to guides, reference docs, explanations, API docs, code comments, changelogs, and agent-facing docs. Use when the agent should classify doc type, ground claims in repo truth, and validate examples before finishing.
project-release-maintainer
Overlay for release-facing docs, install layout, workflows, licenses, and hygiene scripts. Portable across repos with a release/packaging pipeline. Use for publication-facing changes.
project-core-dev
Overlay for day-to-day feature work and bug fixes in repo-owned code. Provides a validation checklist for build, test, format, and analysis. Use alongside the repo's principle skill.