Secure Code Guardian

What it does

Secure Code Guardian gives an engineering-focused playbook for designing, implementing, and validating web application security controls. It walks through threat modeling, defensive design, and concrete implementation patterns (password hashing, parameterized SQL, JWT validation, input validation with Zod, security headers, rate limiting) and provides code examples and validation checkpoints so engineers can ship secure features with repeatable tests.

When to use it

Invoke this skill when building or reviewing authentication/authorization flows, handling user input, configuring tokens or sessions, or hardening endpoints against OWASP Top 10 classes (XSS, SQLi, broken auth, etc.). It fits pull-request reviews, security design sessions, and implementation checklists before release.

What's included

• Scripts: none bundled (has_references=true; see references/ in the repo)
• References: OWASP prevention, authentication, input-validation, XSS/CSRF, security-headers docs included in repository references
• Instructions: stepwise workflow (threat model → design → implement → validate → document) plus concrete code examples for bcrypt, parameterized SQL, Zod validation, JWT verification, and secure Express endpoints

Compatible agents

Broadly applicable to code-focused agents that can produce and review code (Claude Code, Copilot-style assistants, Codex/GitHub Copilot).