Security Review FAQs

Question 1

Does this skill help prevent SQL injection?

Accepted Answer

Yes, it provides specific patterns and verification steps to ensure all database queries use parameterized inputs or ORMs correctly, preventing dangerous string concatenation.

Question 2

Can it help with secrets management?

Accepted Answer

Absolutely. The skill includes a checklist and examples for moving hardcoded API keys into environment variables and ensuring they are properly excluded from version control.

Question 3

How does it handle input validation?

Accepted Answer

It promotes schema-based validation using tools like Zod to ensure all user inputs and file uploads are checked for type, size, and content before processing.

Question 4

Does it cover web-specific threats like XSS and CSRF?

Accepted Answer

Yes, it includes guidance on HTML sanitization, setting secure Content Security Policy (CSP) headers, and implementing CSRF protection for state-changing operations.

Question 5

When should I use the Security Review skill?

Accepted Answer

Activate this skill whenever you are implementing authentication, handling user input, working with secrets, or creating API endpoints to ensure your code adheres to security best practices.

Security Review

Key Features

Use Cases

Security Review

Key Features

Use Cases