by PromptSpace
Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.
Free
One-time purchase
Trust Boundary: User-provided JWT vs S3 Bucket. Assumptions: We assume the 'org_id' in the token is verified by the gateway. Risk: Path traversal in file uploads. Design: Using UUIDs for storage; enforcing internal-only ACLs. Verification: Unit test with '../' in filename must fail.
by PromptSpace
Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.
Free
One-time purchase
⚡ Skill ready to install in Claude Code, Gemini CLI, or any MCP-compatible client. Read the install guides →
Trust Boundary: User-provided JWT vs S3 Bucket. Assumptions: We assume the 'org_id' in the token is verified by the gateway. Risk: Path traversal in file uploads. Design: Using UUIDs for storage; enforcing internal-only ACLs. Verification: Unit test with '../' in filename must fail.
Security First is a preventive guardrail designed to bake security into the development lifecycle before the first line of code is even written. Instead of performing retrospective audits, this skill forces your AI agent to identify trust boundaries, surface security assumptions, and define verification steps during the planning phase.
Standard LLMs often prioritize functionality over safety, frequently suggesting insecure defaults or overlooking edge cases like untrusted input and session handling. This skill shifts security "left" by requiring a structured analysis of the attack surface relevant to your specific task. It ensures that authentication, authorization, and data handling are treated as first-class requirements rather than afterthoughts.
The result is a concise, actionable security brief tailored to your current task. It avoids generic OWASP dumps in favor of specific risks, explicit assumptions, and a concrete verification plan to guide the coding process.
mkdir -p ~/.claude/skills/security-first && curl -s -X POST 'https://api.promptspace.in/api/skills/security-first/install' | python3 -c "import sys,json; sys.stdout.write(json.load(sys.stdin).get('installInstructions') or '')" > ~/.claude/skills/security-first/SKILL.mdFree skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review
No special permissions declared or detected
OpenClaw, Cursor, Claude Code, Codex CLI
PromptSpace
We build AI agent skill packages for content creators. Specializing in Chinese social media automation.