Can this skill help prevent SQL injection?

Yes, it provides patterns for strict input typing and encourages the use of parameterized queries, ensuring that user input is never directly concatenated into database commands.

How does it handle file upload security?

It implements best practices for validating files by checking magic bytes (content signatures) rather than relying on easily spoofed file extensions or MIME type headers.

Why does the skill emphasize allowlists over blocklists?

Allowlists are a 'deny-by-default' security strategy, which is significantly more robust than blocklists because it only permits known-good inputs, leaving no room for unknown attack vectors.

Which validation libraries does this skill support?

This skill primarily provides optimized patterns for Zod v4 in TypeScript/JavaScript and Pydantic in Python, covering the most popular frameworks like React, Express, and FastAPI.

Input Validation & Sanitization

Name: Input Validation & Sanitization
Author: yonatangross

byyonatangross

•

보안 및 테스팅

Secures applications by implementing robust server-side input validation and sanitization patterns using Zod and Pydantic.

The Input Validation skill provides Claude with standardized patterns to eliminate common security vulnerabilities by enforcing strict validation across API request bodies, query parameters, and file uploads. It guides the implementation of production-ready schemas using Zod (TypeScript) and Pydantic (Python), ensuring that all untrusted data is vetted against allowlists, properly coerced into safe types, and sanitized before processing. By focusing on server-side enforcement and preventing anti-patterns like blocklisting or string concatenation, this skill significantly reduces the risk of injection attacks, XSS, and data corruption in modern web applications.

주요 기능

01Strict type coercion for query parameters and form data

02Automated schema validation using Zod v4 and Pydantic

03Secure file upload validation via magic byte signatures

04Implementation of allowlists to prevent injection attacks

05Discriminated union patterns for complex data structures

0669 GitHub stars

사용 사례

01Securing file upload endpoints by verifying content types through binary headers

02Validating and sanitizing API request bodies in FastAPI or Express environments

03Normalizing and coercing string-based URL parameters into typed, safe objects

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yonatangross/orchestkit input-validation

For use in Claude.ai and ChatGPT

Download Skill