OWASP Security Best Practices

Name: OWASP Security Best Practices
Rating: 87 (1 reviews)
Author: majiayu000

Trust Score 87/100

Security review and best-practice guidance for web apps and agentic AI systems covering OWASP Top 10:2025, ASVS 5.0, and agent security patterns.

triggers:owaspsecurity reviewauthinput validationfail-closedagent securityASVStop 10

GitHub SKILL.md

What it does

Provides a compact, practical security checklist and secure-coding patterns for reviewing and hardening applications and AI agent systems. Includes OWASP Top 10:2025 guidance, ASVS 5.0 requirements, secure code examples (injection, auth, session handling), and agent-specific risks (prompt injection, tool misuse, privilege abuse).

When to use it

Use this skill while performing code reviews, implementing authentication/authorization, handling user input, designing APIs, configuring production security settings, or assessing AI agent architectures for supply-chain and execution risks.

What's included

Scripts: none declared in the repo path (has_scripts=false)
References: none bundled (has_references=false)
Instructions: clear checklists for input handling, auth/session management, access control, data protection, error handling, plus concrete safe/unsafe code examples across languages and a fail-closed pattern.

Compatible agents

Best used with agents that can read and apply coding guidance (Claude Code, Copilot-style assistants, Codex) and with human reviewers as a policy checklist.

Audit Summary

Comprehensive OWASP security reference skill covering Top 10:2025, ASVS 5.0, and Agentic AI security (2026). Provides checklists, safe/unsafe code patterns in 20+ languages, and a deep security analysis mindset. Purely a reference document with no scripts or executable components. Well-structured content with concrete examples throughout.

Watch Out

Source URL in DB points to skills/other/ path but actual content is in skills/security/ — fetch returned null skill_md_body
Purely informational — no interactive workflow or output contracts
No references/ directory with additional resources

Notes

Reference-only skill (no scripts). Had to locate SKILL.md via GitHub search API as the stored source_path was incorrect (other/ vs security/). Content quality is high — thorough coverage of modern security practices including 2026 agentic AI risks which is notably forward-looking and unique among security skills.

Information

Repository: majiayu000

Trust Score

Overall87

Security97

Code Quality84

Architecture68

Usefulness82

More from majiayu000

Uloop: Execute Dynamic Code

Run small C# snippets in the Unity Editor via the uloop CLI for editor automation tasks like prefab wiring, AddComponent flows, and scene edits—without writing

Bookmarklet Creation

Generates browser-executable JavaScript bookmarklets with strict formatting (IIFE wrapper, block comments) and provides ready-to-install links or installer inst

Overnight — Autonomous Long-Running Coding

Orchestrates long-running coding goals: decomposes objectives into atomic tasks, dispatches isolated worktree workers, verifies acceptance criteria, and merges

Bexio API (Swiss CRM & Invoicing)

Integrate and manage Bexio contacts, quotes, invoices, orders and products via the Bexio API. Useful for CRM and Swiss business document workflows.

Content Research Writer

A writing-partner skill that helps research, outline, draft, cite, and iteratively improve articles, tutorials, and thought pieces.

Agent Hierarchy Diagram

Generate visual hierarchy diagrams (ASCII, Mermaid, GraphML) that show agent roles, levels, and delegation for documentation and onboarding.

Review Pull Request

Automated, structured PR reviewer: gathers metadata, diffs, CI results, dependency changes and provides a concise verdict with testing and documentation recomme

Agent Ops — Testing Workflow

Guidance for designing, running, and analyzing test suites for agents: test isolation, execution patterns, and coverage-based enforcement.

libagent

Agent orchestration library for conversational AI — coordinates LLM completions, memory, tool execution, and multi-turn flows; useful for building chat agents a

Raindrop.io API

Manage Raindrop.io bookmarks, collections, tags and highlights via the Raindrop REST API with helper scripts and examples.

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Run Execute

Orchestrates execution of work items across modes (autopilot, confirm, validate) with scripted init/complete tooling, plan/test/report artifacts and strict gati

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

Clerk Vue Patterns

Vue 3 integration patterns for Clerk: composables, router guards, and Pinia auth store integration.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Codex Collab

Bridge Claude and Codex to run tasks, perform code reviews, and run background jobs for research or implementation workflows.

Cognitive Accessibility Specialist

Audits content, forms and authentication flows for cognitive accessibility (WCAG 2.2 / COGA) and gives prioritized remediation and plain-language guidance.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

OWASP Security Best Practices

What it does

When to use it

What's included

Compatible agents