Can it help prevent SQL injection in DBI?

Yes, it enforces the use of DBI placeholders and parameterized queries while providing allowlist patterns for dynamic elements like column names.

How does it handle Web security?

It includes guidelines for HTML entity encoding, CSRF token generation, and setting secure HTTP headers like CSP and HSTS in frameworks like Mojolicious.

What is the recommended way to run system commands?

The skill promotes using the list form of system() and exec(), which bypasses the shell and prevents shell metacharacter injection vulnerabilities.

How does this skill help with Perl Taint Mode?

The skill provides patterns for enabling Taint Mode (-T) and specifically shows how to use regex capture groups to properly untaint data after validation.

Perl Security Expert

Name: Perl Security Expert
Author: saar120

bysaar120

0•

Security & Testing

Implements robust security patterns and defensive coding practices for Perl applications to prevent common vulnerabilities.

The Perl Security Expert skill provides Claude with a comprehensive framework for auditing and hardening Perl applications. It focuses on critical security domains including Taint Mode implementation for data tracking, preventing injection attacks through parameterized DBI queries and list-form system executions, and securing web interfaces against XSS and CSRF. By leveraging industry-standard perlcritic security policies and validation allowlists, this skill helps developers build resilient, production-grade Perl code that follows the principle of least privilege and defense in depth.

Key Features

01Context-aware output encoding for XSS prevention in web applications

020 GitHub stars

03Secure process execution patterns to eliminate shell metacharacter injection

04Taint Mode (-T) integration for automatic tracking of untrusted external data

05SQL injection prevention using DBI placeholders and parameterized queries

06Automated security auditing using perlcritic security-themed policies

Use Cases

01Hardening backend Perl services against command and SQL injection

02Refactoring legacy Perl CGI scripts to meet modern security standards

03Implementing secure file upload and path traversal protection in web frameworks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry perl-security

For use in Claude.ai and ChatGPT

Key Features

01Context-aware output encoding for XSS prevention in web applications

020 GitHub stars

03Secure process execution patterns to eliminate shell metacharacter injection

04Taint Mode (-T) integration for automatic tracking of untrusted external data

05SQL injection prevention using DBI placeholders and parameterized queries

06Automated security auditing using perlcritic security-themed policies

Use Cases

01Hardening backend Perl services against command and SQL injection

02Refactoring legacy Perl CGI scripts to meet modern security standards

03Implementing secure file upload and path traversal protection in web frameworks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add saar120/skillgate-registry perl-security

For use in Claude.ai and ChatGPT