# /security-best-practices (Official)

Security reviews and secure-by-default guidance for codebases with actionable improvement recommendations.

Security · Code Review · Best Practices · 1 min read

Quick import: Download the .md file and save it to .claude/commands/ (Claude Code), .cursorrules (Cursor), or paste as a system prompt in ChatGPT, Gemini, or any LLM API.

# What it does

The security-best-practices skill performs security reviews on codebases and provides secure-by-default guidance. It identifies common vulnerability patterns, suggests hardened alternatives, and produces actionable recommendations organized by severity and effort.

# How to use

```bash
$security-best-practices
Review this codebase for security best practices and suggest secure-by-default improvements.
```

# What it covers

  • Input validation -- Sanitization, parameterized queries, injection prevention
  • Authentication and authorization -- Auth middleware, access control, session management
  • Secrets management -- Hardcoded credentials, environment variable hygiene, secret rotation
  • Dependencies -- Known CVEs, outdated packages, supply chain risks
  • Configuration -- Debug mode, CORS policies, security headers, TLS enforcement
  • Data exposure -- Sensitive data in logs, error messages, API responses
  • Cryptography -- Weak algorithms, insecure random generation, key management

# Output format

Findings are organized by severity (Critical, High, Medium, Low) with specific file locations, explanations of the risk, and concrete fix recommendations.

This skill is from the OpenAI Skills Catalog.
