Security Agent Skill
OWASP top 10 prevention — XSS, CSRF, CSP, secrets management.
The Skill
---
description: OWASP top 10 prevention — XSS, CSRF, CSP, secrets management.
homepage: https://yepapi.com/skills/security
metadata:
tags: [security, owasp, xss, csrf]
---
# Security
## Rules
- Validate all user input server-side — never trust the client
- Parameterized queries only — never concatenate user input into SQL/queries
- Sanitize HTML output — use framework auto-escaping, DOMPurify for raw HTML
- CSRF tokens on all state-changing requests
- CSP headers: `default-src 'self'`, allow only needed domains
- Dependencies: `npm audit` regularly, update promptly for security patches
- Secrets in environment variables only — never in code, never in git
- HTTPS everywhere — redirect HTTP to HTTPS
- Rate limit authentication endpoints — prevent brute force
- Log authentication failures — detect attacks early
Why Use the Security Skill?
Without this skill, your AI guesses at security patterns. It might hallucinate deprecated APIs, use outdated conventions, or miss best practices entirely. With it, your AI follows a proven ruleset — every suggestion aligns with current standards.
Drop this skill into your project and your AI instantly knows the rules. Better code suggestions, fewer errors, faster shipping.
Try These Prompts
These prompts work better with the Security skill installed. Your AI knows the context and writes code that fits.
"Audit this app for OWASP Top 10 vulnerabilities and fix all security issues"
"Add CSP headers, XSS protection, and CSRF tokens to all forms and API routes"
"Create a security middleware stack with rate limiting, input sanitization, and secrets management"
Security skill — FAQ
It enforces OWASP Top 10 prevention including XSS, CSRF, CSP, and secrets management. Your AI writes secure code by default instead of introducing common vulnerabilities.
Run `npx skills add YepAPI/skills --skill security` in your project root. This copies the skill file into your repo where your AI coding tool can read it automatically.
Yes. The skill covers injection prevention, broken authentication, sensitive data exposure, XSS, CSRF, and the other OWASP Top 10 categories with specific code patterns for each.