Skip to main content
PROMPT SPACE
S
FreedesignUniversal

security-first

Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.

skill install https://www.promptspace.in/skills/security-first

What it does

Security First is a preventive guardrail designed to bake security into the development lifecycle before the first line of code is even written. Instead of performing retrospective audits, this skill forces your AI agent to identify trust boundaries, surface security assumptions, and define verification steps during the planning phase.

Why use this skill

Standard LLMs often prioritize functionality over safety, frequently suggesting insecure defaults or overlooking edge cases like untrusted input and session handling. This skill shifts security "left" by requiring a structured analysis of the attack surface relevant to your specific task. It ensures that authentication, authorization, and data handling are treated as first-class requirements rather than afterthoughts.

Supported workflows

  • Trust Boundary Mapping: Identifies actors, privileges, and sensitive data flows.
  • Secure Defaults: Enforces the principle of least privilege and minimum secure design.
  • Attack Surface Reduction: Evaluates webhooks, file storage, and infrastructure exposure.
  • Pre-implementation Verification: Defines the exact tests needed to prove security properties.

The Output

The result is a concise, actionable security brief tailored to your current task. It avoids generic OWASP dumps in favor of specific risks, explicit assumptions, and a concrete verification plan to guide the coding process.

Use cases

  • Identify trust boundaries and sensitive data flows before writing code.
  • Establish secure defaults for authentication and session management.
  • Surface hidden security assumptions in architectural plans.
  • Define specific security tests and verification steps for new features.

Example

Prompt

Plan the implementation for our new file upload endpoint with a focus on security.

Output

Trust Boundary: User-provided JWT vs S3 Bucket.
Assumptions: We assume the 'org_id' in the token is verified by the gateway.
Risk: Path traversal in file uploads.
Design: Using UUIDs for storage; enforcing internal-only ACLs.
Verification: Unit test with '../' in filename must fail.

Frequently asked questions

Unlike post-code scanners, this skill intervenes during the planning stage to ensure your AI agent conceptualizes "secure-by-default" logic before it ever generates vulnerable code.