Does this skill use blocklists or allowlists?

It strictly prioritizes allowlists over blocklists, recommending validation of specific types, lengths, formats, and ranges.

What is the primary focus of the Input Validation skill?

The primary focus is ensuring all external data is treated as hostile and validated exhaustively at trust boundaries to prevent security breaches.

Where should validation occur according to this skill?

Validation should occur at the earliest possible trust boundary, such as terminal input, config files, environment variables, or LLM responses.

Which common vulnerabilities does this skill help prevent?

It specifically targets command injection, path traversal, format string vulnerabilities, and null byte truncations.

How does it handle internal function security?

Once data passes the boundary validation, internal functions can use assertions to verify preconditions, ensuring the data remains safe throughout the application lifecycle.

Input Validation Security

Name: Input Validation Security
Author: mgreenly

bymgreenly

•

보안 및 테스팅

Protects applications by implementing exhaustive validation at trust boundaries and mitigating common injection vulnerabilities.

소개

This skill provides Claude with expert guidance for securing applications against hostile external data by enforcing strict input validation at trust boundaries. It establishes a 'reject by default' posture, focusing on implementing allowlist-based validation to prevent critical vulnerabilities such as command injection, path traversal, and format string attacks. By following these patterns, developers can ensure that terminal inputs, configuration files, and even LLM-generated responses are properly sanitized and validated before processing, significantly reducing the attack surface of their software.

주요 기능

Precondition assertions for internal function safety
Context-aware sanitization for Shell, SQL, and HTML
1 GitHub stars
Injection vector mitigation (Command, Path, Format String)
Exhaustive trust boundary validation patterns
Allowlist-based validation for type, length, and format

사용 사례

Validating external configuration files and environment variables
Securing terminal input and command-line interface interactions
Sanitizing untrusted LLM streaming chunks before execution or storage

소개

주요 기능

Precondition assertions for internal function safety
Context-aware sanitization for Shell, SQL, and HTML
1 GitHub stars
Injection vector mitigation (Command, Path, Format String)
Exhaustive trust boundary validation patterns
Allowlist-based validation for type, length, and format

사용 사례

Validating external configuration files and environment variables
Securing terminal input and command-line interface interactions
Sanitizing untrusted LLM streaming chunks before execution or storage