Software Security Skill (Project CodeGuard)

This skill provides comprehensive security guidance to help AI coding agents generate secure code and prevent common vulnerabilities. It is based on Project CodeGuard, an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding workflows.

When to Use This Skill

This skill should be activated when:

• Writing new code in any language
• Reviewing or modifying existing code
• Implementing security-sensitive features (authentication, cryptography, data handling, etc.)
• Working with user input, databases, APIs, or external services
• Configuring cloud infrastructure, CI/CD pipelines, or containers
• Handling sensitive data, credentials, or cryptographic operations

How to Use This Skill

When writing or reviewing code:

1. Always-Apply Rules: Some rules MUST be checked on every code operation:

• codeguard-1-hardcoded-credentials.md - Never hardcode secrets, passwords, API keys, or tokens
• codeguard-1-crypto-algorithms.md - Use only modern, secure cryptographic algorithms
• codeguard-1-digital-certificates.md - Validate and manage digital certificates securely

2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below: