Agent skill

security-principles

Use this skill when handling secrets, credentials, PII, input validation, or any security-sensitive code. Covers secrets management, secure defaults, encryption, logging safety, and common vulnerability prevention. Apply when adding authentication, configuring environment variables, reviewing code for security issues, or working with sensitive data.


Install this agent skill to your Project

npx add-skill https://github.com/exceptionless/Exceptionless/tree/main/.agents/skills/security-principles

SKILL.md

Security Principles

Secrets Management

Secrets are injected via Kubernetes ConfigMaps and environment variables — never commit secrets to the repository.

  • Configuration files — Use appsettings.yml for non-secret config
  • Environment variables — Secrets injected at runtime via EX_* prefix
  • Kubernetes — ConfigMaps mount configuration, Secrets mount credentials

```csharp
// AppOptions binds to configuration (including env vars)
public class AppOptions
{
    public string? StripeApiKey { get; set; }
    public AuthOptions Auth { get; set; } = new();
}
```

Validate All Inputs

  • Check bounds and formats before processing
  • Use ArgumentNullException.ThrowIfNull() and similar guards
  • Validate early, fail fast

Sanitize External Data

  • Never trust data from queues, caches, user input, or external sources
  • Validate against expected schema
  • Sanitize HTML/script content before storage or display

No Sensitive Data in Logs

  • Never log passwords, tokens, API keys, or PII
  • Log identifiers and prefixes, not full values
  • Use structured logging with safe placeholders
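An added example, not code from the Exceptionless repository, showing the EX_-prefixed environment-variable binding described under Secrets Management together with prefix-only structured logging of the resulting secret. It assumes the Microsoft.Extensions.Configuration (with its Binder package) and Microsoft.Extensions.Logging packages; AuthOptions, SecureConfig, SafePrefix and LogStartup are illustrative names.

```csharp
// Added example, not code from the Exceptionless repository. Assumes the
// Microsoft.Extensions.Configuration(.Binder) and Microsoft.Extensions.Logging packages.
using System;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

public class AuthOptions
{
    public bool RequireSsl { get; set; } = true; // secure default: opt-out only
}

public class AppOptions
{
    public string? StripeApiKey { get; set; }
    public AuthOptions Auth { get; set; } = new();
}

public static class SecureConfig
{
    // Only EX_* environment variables are read; the prefix is stripped, so
    // EX_StripeApiKey binds to StripeApiKey and EX_Auth__RequireSsl to Auth.RequireSsl.
    public static AppOptions Load()
    {
        IConfiguration config = new ConfigurationBuilder()
            .AddEnvironmentVariables(prefix: "EX_")
            .Build();
        return config.Get<AppOptions>() ?? new AppOptions();
    }

    // Returns a loggable identifier for a secret: a short prefix plus a mask,
    // never the full value.
    public static string SafePrefix(string? secret, int visibleChars = 4)
    {
        if (string.IsNullOrEmpty(secret))
            return "(not set)";
        if (secret.Length <= visibleChars * 2)
            return "****"; // too short to reveal any part safely
        return secret.Substring(0, visibleChars) + "****";
    }

    public static void LogStartup(ILogger logger, AppOptions options)
    {
        ArgumentNullException.ThrowIfNull(logger);  // validate early, fail fast
        ArgumentNullException.ThrowIfNull(options);
        // The structured placeholder carries only the masked prefix, so the sink indexes it without storing the key.
        logger.LogInformation("Stripe key {StripeKeyPrefix}, TLS required: {RequireSsl}",
            SafePrefix(options.StripeApiKey), options.Auth.RequireSsl);
    }
}
```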

Use Secure Defaults

  • Default to encrypted connections (SSL/TLS enabled)
  • Default to restrictive permissions
  • Require explicit opt-out for security features

Avoid Deprecated Cryptographic Algorithms

Use modern cryptographic algorithms:

  • MD5, SHA1 — Cryptographically broken
  • SHA256, SHA512 — Current standards

Avoid Insecure Serialization

  • BinaryFormatter — Insecure deserialization vulnerability
  • System.Text.Json, Newtonsoft.Json — Safe serialization

Input Bounds Checking

  • Enforce minimum/maximum values on pagination parameters
  • Limit batch sizes to prevent resource exhaustion
  • Validate string lengths before storage

OWASP Reference

Review OWASP Top 10 regularly:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery
