Validate and constrain untrusted input at the boundary. Use on any handler that accepts external data.
Installation
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Validate and constrain untrusted input at the boundary. Use on any handler that accepts external data.
when_to_use
request bodies, query params, file uploads, webhook payloads, form data
targets
["*"]
Input Validation
Validate at the edge, before the data touches logic or storage.
Schema - type, required fields, allowed values. Reject unknown fields rather than ignoring them.
Bounds - string length, number ranges, array size. An unbounded input is a DoS and a memory bomb.
Format - emails, UUIDs, dates parsed and re-validated, not trusted as strings.
Files - size limit, type allowlist (check content, not just extension), no path traversal in names.
Reject with a clear 4xx and a message that says what's wrong - without leaking internals.
Never trust "it comes from our own frontend". The request can come from anywhere.