com um clique
sql-safety
Database safety rules for the data-access layer.
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Menu
Database safety rules for the data-access layer.
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Baseado na classificação ocupacional SOC
Pull request review checklist for the team.
Python code style, typing, and project conventions.
Project-wide security rules for handling untrusted input, secrets, and database access.
Testing conventions for the project — pytest, fixtures, integration vs unit.
| name | sql-safety |
| description | Database safety rules for the data-access layer. |
Always use parameterized queries for every database access. Never concatenate user-provided strings into SQL statements directly. This includes dynamic WHERE clauses, ORDER BY clauses, and table names.
All schema migrations go through the migrations/ directory and run in the deploy pipeline; never modify the production schema by hand. Each migration is reversible — pair every up with a tested down.
Use connection pools sized to peak concurrent load divided by average query latency. Never open and close a fresh connection per request in a hot path; the handshake cost dominates everything else under load.
Route read-only queries to read replicas. Writes always go to primary. Track replication lag and surface it on dashboards.
Validate and sanitize all user-provided data at the system boundary before it enters business logic. Reject inputs that do not match the expected shape, range, or type.
Treat any data that crossed a network or process boundary as untrusted until proven otherwise. Apply the same scrutiny to data from other internal services as you would to data from the public internet. The threat model assumes lateral movement; act accordingly across every service-to-service hop in the system.