dotnet

SKILL.md

.NET Code Review Rules

Security (Critical)

  • Input Validation: Validate and sanitize all user input using allow-listed input patterns, strong type checks, and context-aware escaping for the target context (HTML, SQL, or command line). Apply strict validation before any rendering or database operation
  • Comment Hygiene: Never use HTML comments (<!-- -->) or template variables (e.g., {{ }}) to store sensitive data or security-relevant instructions. Ensure HTML comments are stripped from the output before deployment
  • Use [Authorize] attribute with policies
  • Validate anti-forgery tokens for forms
  • Use parameterized queries (EF Core LINQ queries are parameterized by default)
  • Don't log sensitive data
  • Use HTTPS redirection middleware
  • Store secrets in Azure Key Vault or environment variables
  • Use User Secrets for local development
  • Never commit secrets to source control
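The following ASP.NET Core controller is an added example that applies the rules above in one place; it is not code from the yldgio/codereview-skills repository. The types `OrderDbContext`, `Order`, `OrderSearchModel`, the `CanViewOrders` policy and the `Reports:BucketName` configuration key are hypothetical names chosen for this illustration.

```csharp
// Added example, not part of the skill's own code. All type and policy names are hypothetical.
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Input validation: an allow-listed pattern and a length bound on the one free-text field.
public class OrderSearchModel
{
    [Required]
    [StringLength(32)]
    [RegularExpression("^[A-Za-z0-9-]+$",
        ErrorMessage = "Customer code may contain only letters, digits and '-'.")]
    public string CustomerCode { get; set; } = string.Empty;
}

public class Order
{
    public int Id { get; set; }
    public string CustomerCode { get; set; } = string.Empty;
    public decimal Total { get; set; }
}

public class OrderDbContext : DbContext
{
    public OrderDbContext(DbContextOptions<OrderDbContext> options) : base(options) { }
    public DbSet<Order> Orders => Set<Order>();
}

public static class SecuritySetup
{
    // Called from Program.cs. Registers the named policy used by the controller below;
    // the pipeline should also call app.UseHttpsRedirection() before MVC endpoints.
    public static void AddOrderPolicies(IServiceCollection services)
    {
        services.AddAuthorization(options =>
            options.AddPolicy("CanViewOrders",
                policy => policy.RequireAuthenticatedUser().RequireRole("OrderViewer")));
    }
}

[Authorize(Policy = "CanViewOrders")]   // authorization through a named policy, not a bare [Authorize]
public class OrdersController : Controller
{
    private readonly OrderDbContext _db;
    private readonly ILogger<OrdersController> _log;
    private readonly string _reportBucket;

    public OrdersController(OrderDbContext db, ILogger<OrdersController> log, IConfiguration config)
    {
        _db = db;
        _log = log;
        // Settings come from the configuration stack (User Secrets locally, environment
        // variables or Azure Key Vault in deployment), never from a value in source control.
        _reportBucket = config["Reports:BucketName"]
            ?? throw new InvalidOperationException("Reports:BucketName is not configured");
    }

    [HttpPost]
    [ValidateAntiForgeryToken]   // the Razor form must render @Html.AntiForgeryToken()
    public async Task<IActionResult> Search(OrderSearchModel model)
    {
        if (!ModelState.IsValid)
            return View("SearchForm", model);   // reject before any database work

        // Parameterized by construction: EF Core translates the LINQ expression to SQL with
        // a bound parameter for model.CustomerCode, so the value is never spliced into SQL text.
        var orders = await _db.Orders
            .Where(o => o.CustomerCode == model.CustomerCode)
            .OrderByDescending(o => o.Id)
            .Take(50)
            .ToListAsync();

        // If raw SQL is unavoidable, FromSqlInterpolated still binds the value as a parameter;
        // FromSqlRaw with string concatenation would not.
        // var orders = await _db.Orders
        //     .FromSqlInterpolated($"SELECT * FROM Orders WHERE CustomerCode = {model.CustomerCode}")
        //     .ToListAsync();

        // Log a non-secret identifier and a row count, not the request body or personal data.
        _log.LogInformation("Order search for {CustomerCode} returned {Count} rows",
            model.CustomerCode, orders.Count);

        // Razor HTML-encodes @-expressions by default; do not pass user data through Html.Raw.
        return View("Results", orders);
    }
}
```

The commented-out `FromSqlInterpolated` call is there to make the parameterization boundary explicit: the default is only safe for LINQ and interpolated-string overloads, so a review should flag any `FromSqlRaw` or `ExecuteSqlRaw` call whose SQL text is built from request data.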
Installs: 7
First seen: Jan 30, 2026
Source: dotnet — yldgio/codereview-skills