Install: claude install-skill z3z1ma/agent-loom
# loom-security-and-hardening
Security and hardening is a risk-focused playbook.
It turns security concerns into specs, tickets, evidence, audits, and prevention
records instead of leaving them as informal caution.
## Loom Routing
Common routes use these Loom skills for durable records or follow-up workflow:
`loom-specs`, `loom-tickets`, `loom-evidence`, `loom-audit`, `loom-research`,
`loom-constitution`, `loom-retrospective`, and `loom-knowledge`.
Follow any named Loom skill fully. This playbook adds workflow pressure; it does
not shorten target-skill requirements.
## Use This Playbook When
Use this playbook when work touches:
- user input or external data
- authentication, authorization, sessions, roles, or permissions
- secrets, API keys, tokens, credentials, or sensitive data
- file uploads, webhooks, callbacks, or third-party integrations
- database queries or command execution
- CORS, CSP, security headers, cookies, or rate limits
- dependency vulnerabilities
- payment, PII, customer data, or regulated data
## Route
Use this route:
```text
classify boundary -> specify controls -> implement -> verify -> audit -> prevent
```
## Classify Boundary
Identify:
- trusted and untrusted inputs
- authentication and authorization boundary
- sensitive data handled
- storage, logs, telemetry, and artifact paths
- third-party responses or callbacks
- browser-rendered external content
- environment and secret sources
- blast radius if the control fails
Route durable poli