Does it provide guidance for secure file uploads?

Absolutely. It mandates validation for file types, sizes, and magic bytes, while recommending ActiveStorage and storing files outside the public directory.

How does this skill prevent SQL injection in Rails?

The skill enforces the use of hash conditions and positional placeholders in ActiveRecord queries while strictly forbidding string interpolation for any user-provided input.

When should I activate the Rails Security skill?

You should use it whenever you are building features that touch user input, handling database queries, managing authentication, or executing shell commands.

Can it help with Cross-Site Scripting (XSS)?

Yes, it provides implementation patterns for safe HTML sanitization, Content Security Policy (CSP) configuration, and prevents the use of unsafe methods like .html_safe.

Rails Security Expert

Name: Rails Security Expert
Author: zerobearing2

byzerobearing2

•

Security & Testing

Protects Ruby on Rails applications from critical vulnerabilities like XSS, SQL injection, and CSRF using industry-standard security patterns.

The Rails Security Expert skill provides comprehensive protection and auditing for Ruby on Rails applications. It focuses on mitigating common attack vectors including Cross-Site Scripting (XSS), SQL Injection, and command injection by enforcing strict implementation rules. The skill guides developers through secure database querying, safe user-content rendering, and robust file upload handling, ensuring that every interaction with sensitive data or user input follows the principle of least privilege and modern security best practices.

Key Features

01XSS prevention via automatic escaping and allowlist-based sanitization

02Secure file upload validation for types, sizes, and sanitized filenames

0318 GitHub stars

04SQL injection mitigation using parameterized queries and hash conditions

05CSRF protection enforcement for forms and JavaScript requests

06Command injection prevention via array-form system call enforcement

Use Cases

01Auditing and implementing secure system commands and file processing workflows

02Securing displays for user-generated content and markdown rendering

03Hardening ActiveRecord queries that incorporate dynamic user input

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zerobearing2/rails-ai security

For use in Claude.ai and ChatGPT

Download Skill