Install: claude install-skill ndisisnd/cook
# Software Security Skill
Comprehensive security guidance for AI coding agents to generate secure code and prevent common vulnerabilities.
## When to Use This Skill
Activate when:
- Writing new code in any language
- Reviewing or modifying existing code
- Implementing security-sensitive features (authentication, cryptography, data handling, etc.)
- Working with user input, databases, APIs, or external services
- Configuring cloud infrastructure, CI/CD pipelines, or containers
- Handling sensitive data, credentials, or cryptographic operations
## How to Use This Skill
### Step 1 — Always-Apply Rules
Check these on **every** code operation, regardless of language or context:
| Rule | File | What it governs |
| ---- | ---- | --------------- |
| No hardcoded secrets | `core/hardcoded-credentials.md` | Passwords, API keys, tokens, and credentials must never appear in source code |
| Approved crypto only | `core/crypto-algorithms.md` | Only modern, unbroken algorithms (no MD5, RC4, DES, static RSA, etc.) |
| Certificate hygiene | `core/digital-certificates.md` | Certificate validation, pinning, and lifecycle management |
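
A minimal automated check for the three always-apply rules, added here as an illustration and not part of the skill's own rule files. Only the rule file paths come from the table above; the regex patterns, the `scan` helper and the sample source are constructed assumptions.

```python
import re

# Constructed sample source to check; not taken from any real project.
SAMPLE = '''\
import hashlib, requests
API_KEY = "sk_live_constructed_example_0001"
password = os.environ["DB_PASSWORD"]
digest = hashlib.md5(data).hexdigest()
resp = requests.get(url, verify=False)
cipher = DES.new(key, DES.MODE_ECB)
token = ""
'''

# One (rule file, pattern) pair per always-apply rule.
# The patterns are illustrative assumptions, not the skill's own definitions.
CHECKS = [
    # A secret-like name assigned a non-trivial string literal.
    ("core/hardcoded-credentials.md",
     re.compile(r"""(?i)\b\w*(password|passwd|secret|api_?key|token)\w*\s*[:=]\s*["'][^"']{4,}["']""")),
    # Broken algorithms named in the table (MD5, RC4, DES) used as identifiers.
    ("core/crypto-algorithms.md",
     re.compile(r"(?i)\b(md5|rc4|arc4|des)\b")),
    # Common ways Python code switches certificate validation off.
    ("core/digital-certificates.md",
     re.compile(r"verify\s*=\s*False|CERT_NONE|check_hostname\s*=\s*False")),
]

def scan(source):
    """Return (line number, rule file) for every line that violates a rule."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_file, pattern in CHECKS:
            if pattern.search(line):
                findings.append((lineno, rule_file))
    return findings

if __name__ == "__main__":
    for lineno, rule_file in scan(SAMPLE):
        print(f"line {lineno}: see {rule_file}")
```

The secret read from the environment and the empty `token` placeholder are not flagged; comments that merely mention a banned algorithm would be, so treat hits as review prompts rather than verdicts.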
### Step 2 — Concern-Specific Rules
Load the files for each security domain that applies to the task:
<!-- LANGUAGE_MAPPINGS_START -->
| Concern | Signals (keywords / file patterns) | Load |
| ------- | ---------------------------------- | ---- |
| **Credentials & secrets** | `secret`, `api key`, `password`, `.env`, `config`, hardcoded value | `core/hardc