security-hardening

Solid

AIDefence security layer with prompt injection blocking, input validation, sandboxed execution, output sanitization, and STRIDE threat modeling.

AI & Automation 1,160 stars 71 forks Updated today MIT


Quality Score: 94/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 66
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Security Hardening

## Overview

Multi-layered security audit pipeline implementing the AIDefence architecture. Protects against prompt injection, path traversal, and other attack vectors while ensuring compliance with security best practices.

## When to Use

- Before deploying code to production
- When processing untrusted inputs
- Security audits of agent-generated code
- Compliance verification (OWASP Top 10, CIS)

## AIDefence Layers

1. **Prompt Injection Detection** - Pattern + heuristic blocking
2. **Input Validation** - Path traversal, type coercion, parameter sanitization
3. **Static Analysis (SAST)** - Vulnerability scanning, CWE matching
4. **Sandboxed Execution** - Network isolation, filesystem restrictions, resource limits
5. **Output Sanitization** - Secrets, PII, injection vector redaction

## Security Levels

| Level | Layers | Use Case |
|-------|--------|----------|
| standard | SAST + validation + sanitization | Routine audits |
| elevated | + threat modeling + compliance | Pre-release audits |
| maximum | + sandbox + full STRIDE + remediation | Critical systems |

## Agents Used

- `agents/security-auditor/` - Vulnerability detection
- `agents/reviewer/` - Code quality verification

## Tool Use

Invoke via babysitter process: `methodologies/ruflo/ruflo-security-audit`

Details

Author
a5c-ai
Repository
a5c-ai/babysitter
Created
4 months ago
Last Updated
today
Language
JavaScript
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

am-agent-security-auditor

Security engineer focused on vulnerability detection, threat modeling, and secure coding practices. Use for security-focused code review, threat analysis, or hardening recommendations.

15 Updated 3 days ago
sampleXbro
AI & Automation Solid

security-scanning

AgentShield security audit with 5 scanning categories, 102 static analysis rules, and optional red-team simulation.

1,160 Updated today
a5c-ai
AI & Automation Listed

security

Security audit workflow - vulnerability scan → verification

3,795 Updated 4 months ago
parcadei
Code & Development Listed

security

Use before shipping to production. Performs OWASP Top 10 audit and STRIDE threat modeling against the codebase. Supports --quick, --standard, --thorough modes. Also use when the user asks to check security, audit code, or review for vulnerabilities. Triggers on /security.

0 Updated today
Jihadyip286
Data & Documents Listed

security-audit

Deep adversarial security audit engine for full-stack web applications. Use this skill when the user wants to audit a codebase for security vulnerabilities, broken access control, injection risks, authentication weaknesses, payment security, file upload exploits, IDOR, CSRF, SSRF, RLS bypass, business logic abuse, rate limiting gaps, or deployment security issues. Trigger whenever the user says "audit my security", "find vulnerabilities", "pen test my app", "is this secure", "check for IDOR", "harden my auth", "review my payment flow for exploits", "can someone bypass this", "what can an attacker do", or shares code and asks about security, exploits, or hardening. Also trigger proactively when reviewing any app that handles auth, payments, file uploads, admin routes, or user-generated content — even if the user doesn't use the word "security".

2 Updated 2 days ago
Heet-P