>_

security/input-validation

Input Validation security skill

$ 安裝

git clone https://github.com/mgreenly/ikigai /tmp/ikigai && cp -r /tmp/ikigai/.claude/library/security/input-validation ~/.claude/skills/ikigai

// tip: Run this command in your terminal to install the skill

SKILL.md
View on GitHub →

name: security/input-validation description: Input Validation security skill

Input Validation

All external data is hostile. Validate exhaustively at trust boundaries, reject by default.

ikigai Application

Trust boundaries in ikigai:

  • Terminal input (keystrokes, escape sequences)
  • Config files (JSON, paths)
  • LLM responses (streaming chunks)
  • Environment variables

Injection vectors:

  • Command injection: Never pass user strings to system() or popen()
  • Path traversal: Reject .., canonicalize paths before use
  • Format string: Never printf(user_input), always printf("%s", user_input)
  • Null byte: Truncates C strings, bypasses extension checks

Validation principles:

  • Allowlist over blocklist
  • Validate type, length, format, range
  • Reject on first failure
  • Sanitize for context (shell, SQL, HTML, ANSI)

After validation: Internal functions can assert() preconditions. The boundary function already validated.

Review red flags: User data in format strings, string concatenation for paths/commands, unchecked lengths.

Repository

mgreenly
mgreenly
Author
mgreenly/ikigai/.claude/library/security/input-validation
1
Stars
0
Forks
Updated4d ago
Added1w ago

Actions

View on GitHubDownload ZIPReport Issue

Related Skills

payload
payloadcms/payload
39.0k
creating-financial-models
anthropics/claude-cookbooks
28.3k
cookbook-audit
anthropics/claude-cookbooks
28.3k
doc-coauthoring
anthropics/skills
24.5k
webapp-testing
anthropics/skills
24.5k