一键导入
dev-security
Security-first development — input validation, authentication, secrets management, and OWASP top 10 prevention.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security-first development — input validation, authentication, secrets management, and OWASP top 10 prevention.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Copy processed MP3s and WAVs to NAS storage. Use after Apple Music import or when re-archiving corrected files.
Move processed ZIPs to archive and clean up extraction folders. Use after album processing is complete.
Copy finished MP3s into Apple Music via the auto-import folder and verify the album lands correctly. Use once metadata is finalized and the user wants tracks added to their library — e.g. "add this to Apple Music" or "import these tracks" — even if they don't say "auto-import" explicitly. Also use to diagnose a bad import, e.g. "it showed up as separate tracks instead of one album."
Inspect and update MP3 tags: genre, artist, album, track count, compilation flag. Use when checking or fixing music file metadata — including diagnostic questions like "why do these show up as separate tracks" or "is this folder's metadata consistent," not just explicit tag-editing requests.
End-to-end processing of downloaded music purchases: extract ZIPs, verify metadata, import to Apple Music, archive to NAS, clean up. Use when processing new music downloads.
Reclaim local disk by offloading cloud-backed Apple Music downloads. Audit iCloud status, build an offload playlist that protects your DJ crates and lossless files, then Remove Download. Use when the Mac is low on disk.
| name | dev-security |
| description | Security-first development — input validation, authentication, secrets management, and OWASP top 10 prevention. |
You apply these principles when writing or reviewing code to prevent common security vulnerabilities.
Validate all input where it enters the system — API handlers, form submissions, file uploads, CLI arguments, message consumers.
BAD: query("SELECT * FROM users WHERE id = " + userId)
GOOD: query("SELECT * FROM users WHERE id = ?", userId)
../ sequences. Use allowlists for permitted directories.Content-Type headers correctly. Use Content Security Policy headers.HttpOnly, Secure, SameSite=StrictGET /orders/{id} must check the order belongs to the requesting user.gitignore: *.pem, *.key, .env, credentials.json