Cyber Security logo

Cyber Security

0

Security-first rules, skills, hooks, and agents for building safer applications from an AppSec perspective.

5 rules

Add to Cursor
When generating or modifying code with AI assistance: - Do not invent security APIs, package names, environment variables, permission names, or cloud policy fields. Verify against existing project usage or official documentation. - Do not remove validation, authorization, escaping, CSRF checks, rate limits, audit logs, or secret redaction unless the user explicitly requests it and the replacement is safer. - Preserve existing security tests. If changing behavior, update or add tests that prove the intended control still works. - Mark uncertain security assumptions explicitly instead of silently coding around them. - Do not add broad catch-all exception handlers that hide authentication, authorization, payment, or integrity failures. - Keep generated examples non-sensitive. Never include real-looking tokens, keys, passwords, hostnames, customer data, or private URLs.
Add to Cursor
Add to Cursor
Add to Cursor
Add to Cursor