security


Elixir/Phoenix Security Reference

Quick reference for security patterns in Elixir/Phoenix.

Iron Laws — Never Violate These

  1. VALIDATE AT BOUNDARIES — Never trust client input. Every external map (controller params, JSON bodies, LiveView event payloads) passes through an Ecto changeset with an explicit list of permitted fields
  2. NEVER INTERPOLATE USER INPUT — Bind values with Ecto's ^ pin operator (or fragment/1 placeholders); never build a query by string interpolation
  3. NO String.to_atom WITH USER INPUT — Atoms are never garbage-collected, so attacker-chosen strings exhaust the atom table (DoS). Map input through an explicit allowlist; to_existing_atom/1 is the fallback and still raises on unknown input
  4. AUTHORIZE EVERYWHERE — Check permissions in context functions, and re-check in LiveView handle_event/3, because event payloads are client-controlled
  5. ESCAPE BY DEFAULT — HEEx escapes interpolated values; never pass untrusted content to raw/1
  6. SECRETS NEVER IN CODE — Read every secret in config/runtime.exs via System.fetch_env!/1, never in the compile-time config/*.exs files
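The six laws in working code, as an added example (not the skill page's own snippet). The app name `MyApp`, the `users` table, the role allowlist and the `current_user` assign are assumptions for illustration; the Ecto, Phoenix and LiveView calls are real.

```elixir
# Added example, not the original page's code: the six Iron Laws in one place.
# `MyApp`, the `users` table and the `current_user` assign are assumptions.

defmodule MyApp.Accounts.User do
  use Ecto.Schema
  import Ecto.Changeset

  schema "users" do
    field :email, :string
    field :role, Ecto.Enum, values: [:member, :admin], default: :member
    timestamps()
  end

  # Law 1: every external map is funnelled through a changeset. `cast/3` keeps
  # only the listed keys, so a client-supplied "role" => "admin" is dropped.
  def registration_changeset(user, attrs) do
    user
    |> cast(attrs, [:email])
    |> validate_required([:email])
    |> validate_format(:email, ~r/^[^\s@]+@[^\s@]+$/)
    |> validate_length(:email, max: 160)
    |> unique_constraint(:email)
  end
end

defmodule MyApp.Accounts do
  import Ecto.Query, only: [from: 2]
  alias MyApp.Repo
  alias MyApp.Accounts.User

  # Law 2: `^email` is sent as a bound parameter. Writing
  # `fragment("email = '#{email}'")` would splice the string into SQL.
  def get_user_by_email(email) when is_binary(email) do
    Repo.one(from u in User, where: u.email == ^email)
  end

  def get_user!(id), do: Repo.get!(User, id)

  # Law 3: atoms are never garbage-collected, so String.to_atom(user_input)
  # lets a client fill the atom table. to_existing_atom/1 avoids that but still
  # raises on unknown input and accepts any atom the VM already has, so an
  # explicit allowlist is the safer mapping.
  @role_map %{"member" => :member, "admin" => :admin}

  def parse_role(input) when is_binary(input), do: Map.fetch(@role_map, input)
  def parse_role(_), do: :error

  # Law 4: authorization lives next to the data access, so controllers,
  # LiveViews and background jobs all hit the same check.
  def update_role(%User{role: :admin}, %User{} = target, role)
      when role in [:member, :admin] do
    target
    |> Ecto.Changeset.change(role: role)
    |> Repo.update()
  end

  def update_role(_actor, _target, _role), do: {:error, :unauthorized}
end

defmodule MyAppWeb.UserLive.Admin do
  use MyAppWeb, :live_view
  alias MyApp.Accounts

  # Law 4 again: the event payload is client-controlled, so the actor comes
  # from the socket (set by an on_mount hook at login), never from params, and
  # the context re-checks it; `parse_role/1` enforces Law 3 on the way in.
  def handle_event("set_role", %{"id" => id, "role" => role_input}, socket) do
    actor = socket.assigns.current_user

    with {:ok, role} <- Accounts.parse_role(role_input),
         target <- Accounts.get_user!(id),
         {:ok, _updated} <- Accounts.update_role(actor, target, role) do
      {:noreply, put_flash(socket, :info, "Role updated")}
    else
      _ -> {:noreply, put_flash(socket, :error, "Not allowed")}
    end
  end

  # Law 5: HEEx HTML-escapes `<%= ... %>` interpolations, so a user-controlled
  # email renders inertly. `raw/1` bypasses that and is reserved for content
  # that was sanitized server-side.
  def render(assigns) do
    ~H"""
    <p id="who"><%= @current_user.email %></p>
    """
  end
end

# Law 6 belongs in config/runtime.exs, which is evaluated at boot and never
# compiled into the release:
#
#   config :my_app, MyAppWeb.Endpoint,
#     secret_key_base: System.fetch_env!("SECRET_KEY_BASE")
```

The point of routing the LiveView event through `parse_role/1` and `update_role/3` is that a forged `set_role` payload fails twice: the allowlist rejects unknown role strings, and the context refuses any actor that is not an admin, regardless of what the client sent.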

Quick Patterns

Timing-Safe Authentication
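The pattern this heading names, as an added example rather than the page's own snippet: it mirrors what phx.gen.auth generates (a dummy bcrypt check when the user is not found) and adds a constant-time token comparison. It assumes the bcrypt_elixir dependency (`Bcrypt`), plug_crypto (`Plug.Crypto`), an Ecto `MyApp.Repo`, and a `MyApp.Accounts.User` schema with a `hashed_password` field; those names are illustrative.

```elixir
# Added example, not the original page's code. Assumes bcrypt_elixir,
# plug_crypto, `MyApp.Repo` and a `MyApp.Accounts.User` with `hashed_password`.

defmodule MyApp.Accounts.Auth do
  alias MyApp.Repo
  alias MyApp.Accounts.User

  @doc """
  Returns {:ok, user} or :error without revealing whether the email exists.
  """
  def authenticate(email, password) when is_binary(email) and is_binary(password) do
    # Repo.get_by/2 binds `email` as a query parameter (Iron Law 2).
    case Repo.get_by(User, email: email) do
      %User{hashed_password: hash} = user when is_binary(hash) ->
        if Bcrypt.verify_pass(password, hash), do: {:ok, user}, else: :error

      _ ->
        # No such user: run a dummy bcrypt check so an unknown email costs the
        # same time as a wrong password and cannot be enumerated by timing.
        Bcrypt.no_user_verify()
        :error
    end
  end

  @doc """
  Constant-time comparison for bearer or API tokens. Hashing both sides first
  gives equal-length inputs, so neither the length nor the position of the
  first differing byte of the stored token leaks through the comparison time.
  """
  def valid_token?(presented, expected) when is_binary(presented) and is_binary(expected) do
    Plug.Crypto.secure_compare(
      :crypto.hash(:sha256, presented),
      :crypto.hash(:sha256, expected)
    )
  end
end
```

Both branches of `authenticate/2` return the same `:error` value, so the caller cannot distinguish "no such account" from "wrong password" either; that, plus the equalised timing, is what keeps a login endpoint from doubling as a user-enumeration oracle.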

Installs: 20 · GitHub stars: 299 · First seen: Mar 1, 2026