一键导入
check-input-validation
Validates input domain safety including division-by-zero prevention, pagination bounds, cache key completeness, and numeric range enforcement
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Validates input domain safety including division-by-zero prevention, pagination bounds, cache key completeness, and numeric range enforcement
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use when designing prompts for LLMs, optimizing model performance, building evaluation frameworks, or implementing advanced prompting techniques like chain-of-thought, few-shot learning, or structured outputs.
How to deploy Dravr infrastructure and apply Cloud Run config changes. Use when editing infra/ terraform, when a merged code change is live but a Cloud Run setting (cpu, memory, min/max instances, env var, scaling) hasn't taken effect, or when asked to plan/apply infra. Explains the two-pipeline model (app binary auto-deploys on push; terraform infra config is a separate manual apply) plus the cpu/cpu_idle guardrails.
Enforces zero-tolerance code quality policy using Clippy with strict lints, all warnings treated as errors
Write well-formatted notes to the dravr-vault Obsidian knowledge base. Use this skill whenever creating or updating an ADR, runbook, plan, API doc, guide, session output, or any structured document that should land in the vault — even when the user doesn't say "Obsidian" explicitly. Delegates to obsidian:obsidian-cli to write to the live vault and applies Dravr frontmatter and formatting standards.
Bootstrap Pierre server with database, admin user, coaches, and test users for development and testing
Validates coach markdown files for required frontmatter fields, sections, and naming conventions
| name | check-input-validation |
| description | Validates input domain safety including division-by-zero prevention, pagination bounds, cache key completeness, and numeric range enforcement |
| user-invocable | true |
Validates that user-supplied inputs are properly bounded and validated before use. Catches division-by-zero, unbounded pagination, missing cache key components, and numeric range violations.
Run this skill:
echo "========================================="
echo " INPUT VALIDATION CHECK"
echo "========================================="
echo ""
echo "--- 1. Division Safety ---"
# Find all division operations in production code
echo "🔍 Scanning for division operations..."
rg " / " src/ --type rust -n | \
rg -v "test|//|mod |use |impl " | \
rg -v "\.len\(\) / |as f64 / |as f32 / " > /tmp/divisions.txt
# Check each for guards
echo "Division operations found:"
cat /tmp/divisions.txt | head -20
# Check for .max(1) or similar guards near divisions
echo ""
echo "🔍 Checking for zero-guards near divisions..."
rg "\.max\(1\)|\.max\(1\.0\)|checked_div|if.*==.*0|if.*>.*0" src/ --type rust -n | wc -l
echo "Zero-guard patterns found"
# Specific high-risk patterns: recipe servings, pagination
echo ""
echo "🔍 Checking recipe/nutrition division safety..."
rg "servings|portion|per_serving" src/ --type rust -A 3 | \
rg " / " | \
rg -v "\.max\(1\)|checked_div" && \
echo "⚠️ Division by servings without zero-guard!" || \
echo "✓ Servings division properly guarded"
echo ""
echo "--- 2. Pagination Bounds ---"
# Check for limit/offset parameters
echo "🔍 Checking pagination parameter bounds..."
rg "struct.*Params|struct.*Request|struct.*Query" src/ --type rust -A 15 | \
rg "limit|offset|page|per_page" | head -10
# Verify clamp/min/max on pagination values
echo ""
echo "🔍 Checking bound enforcement..."
rg "limit.*clamp|limit.*min|limit.*max|\.min\(.*100\)|\.max\(.*1\)" src/ --type rust -n | head -10
echo "Pagination bound patterns found"
# Check for unbounded LIMIT in SQL
echo ""
echo "🔍 Checking SQL LIMIT bounds..."
rg "LIMIT \\\$|LIMIT \{" src/ --type rust -B 3 | \
rg -v "clamp|min|max" | head -10
echo "(Above should be empty — all LIMIT values need bounds)"
echo ""
echo "--- 3. Cache Key Completeness ---"
# Find cache key construction
echo "🔍 Checking cache keys include tenant_id..."
rg "cache_key|format!.*cache|format!.*key" src/ --type rust -n | \
rg -v "tenant" | \
rg -v "test|//|use " | head -10
echo "(Above should be empty — all cache keys need tenant_id)"
# Verify cache operations use tenant-scoped keys
rg "cache\.get|cache\.set|cache\.insert|cache\.remove" src/ --type rust -B 5 | \
rg "tenant" | wc -l
echo "Cache operations with tenant context"
echo ""
echo "--- 4. Numeric Range Enforcement ---"
# Check for numeric parameters used without validation
echo "🔍 Checking numeric input validation..."
rg "params\.\w+.*as (f64|f32|i64|i32|u64|u32)" src/ --type rust -n | head -10
echo "(Review above — numeric casts from params need range checks)"
# Check for weight/height/age without bounds
rg "weight|height|age|heart_rate|pace" src/routes/ --type rust -A 5 | \
rg "params\." | rg -v "validate|clamp|min|max|range" | head -5
echo "(Above should be empty — fitness metrics need bounds)"
echo ""
echo "========================================="
echo " INPUT VALIDATION CHECK COMPLETE"
echo "========================================="
These modules handle user numeric input and need special attention:
src/intelligence/ — Training load, VDOT, nutrition calculationssrc/mcp/tool_handlers/ — MCP tool parameters from external clientssrc/routes/ — API endpoint query/body parameterssrc/providers/ — Provider-specific data transformationsThe CI-runnable version of this skill lives at scripts/ci/check-input-validation.sh.
It runs automatically in CI via ./scripts/ci/architectural-validation.sh --apply-skills.
security-review — Comprehensive security checklistvalidate-architecture — Architectural patternstest-intelligence-algorithms — Algorithm correctness