Does this skill use blocklists or allowlists?

It strictly prioritizes allowlists over blocklists, recommending validation of specific types, lengths, formats, and ranges.

What is the primary focus of the Input Validation skill?

The primary focus is ensuring all external data is treated as hostile and validated exhaustively at trust boundaries to prevent security breaches.

Where should validation occur according to this skill?

Validation should occur at the earliest possible trust boundary, such as terminal input, config files, environment variables, or LLM responses.

Which common vulnerabilities does this skill help prevent?

It specifically targets command injection, path traversal, format string vulnerabilities, and null byte truncations.

How does it handle internal function security?

Once data passes the boundary validation, internal functions can use assertions to verify preconditions, ensuring the data remains safe throughout the application lifecycle.

Input Validation Security

Name: Input Validation Security
Author: mgreenly

bymgreenly

•

Security & Testing

Protects applications by implementing exhaustive validation at trust boundaries and mitigating common injection vulnerabilities.

This skill provides Claude with expert guidance for securing applications against hostile external data by enforcing strict input validation at trust boundaries. It establishes a 'reject by default' posture, focusing on implementing allowlist-based validation to prevent critical vulnerabilities such as command injection, path traversal, and format string attacks. By following these patterns, developers can ensure that terminal inputs, configuration files, and even LLM-generated responses are properly sanitized and validated before processing, significantly reducing the attack surface of their software.

Key Features

01Precondition assertions for internal function safety

02Context-aware sanitization for Shell, SQL, and HTML

031 GitHub stars

04Injection vector mitigation (Command, Path, Format String)

05Exhaustive trust boundary validation patterns

06Allowlist-based validation for type, length, and format

Use Cases

01Validating external configuration files and environment variables

02Securing terminal input and command-line interface interactions

03Sanitizing untrusted LLM streaming chunks before execution or storage

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mgreenly/ikigai input-validation

For use in Claude.ai and ChatGPT

Download Skill