Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aj-geddes/csrf-protection

Name: csrf-protection
Author: aj-geddes

skills/csrf-protection/SKILL.md

npx skillsauth add aj-geddes/useful-ai-prompts csrf-protection

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

CSRF Protection

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive Cross-Site Request Forgery protection using synchronizer tokens, double-submit cookies, SameSite cookie attributes, and custom headers.

When to Use

Form submissions
State-changing operations
Authentication systems
Payment processing
Account management
Any POST/PUT/DELETE requests

Quick Start

Minimal working example:

// csrf-protection.js
const crypto = require("crypto");
const csrf = require("csurf");

class CSRFProtection {
  constructor() {
    this.tokens = new Map();
    this.tokenExpiry = 3600000; // 1 hour
  }

  /**
   * Generate CSRF token
   */
  generateToken() {
    return crypto.randomBytes(32).toString("hex");
  }

  /**
   * Create token for session
   */
  createToken(sessionId) {
    const token = this.generateToken();
    const expiry = Date.now() + this.tokenExpiry;

    this.tokens.set(sessionId, {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | Node.js/Express CSRF Protection | Node.js/Express CSRF Protection | | Double Submit Cookie Pattern | Double Submit Cookie Pattern | | Python Flask CSRF Protection | Python Flask CSRF Protection | | Frontend CSRF Implementation | Frontend CSRF Implementation | | Origin and Referer Validation | Origin and Referer Validation |

Best Practices

✅ DO

Use CSRF tokens for all state-changing operations
Set SameSite=Strict on cookies
Validate Origin/Referer headers
Use secure, random tokens
Implement token expiration
Use HTTPS only
Include tokens in AJAX requests
Test CSRF protection

❌ DON'T

Skip CSRF for authenticated requests
Use GET for state changes
Trust Origin header alone
Reuse tokens
Store tokens in localStorage
Allow credentials in CORS without validation

aj-geddes/csrf-protection

skills/csrf-protection/SKILL.md

Implement Cross-Site Request Forgery (CSRF) protection using tokens, SameSite cookies, and origin validation. Use when building forms and state-changing operations.

154 stars

development

Updated Apr 1, 2026

$ install --global

skillsauth

npx skillsauth add aj-geddes/useful-ai-prompts csrf-protection

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 2, 2026, 1:56 AM67.5s7 files scanned

SKILL.md

name:: csrf-protection
description:: >

CSRF Protection

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement comprehensive Cross-Site Request Forgery protection using synchronizer tokens, double-submit cookies, SameSite cookie attributes, and custom headers.

When to Use

Form submissions
State-changing operations
Authentication systems
Payment processing
Account management
Any POST/PUT/DELETE requests

Quick Start

Minimal working example:

// csrf-protection.js
const crypto = require("crypto");
const csrf = require("csurf");

class CSRFProtection {
  constructor() {
    this.tokens = new Map();
    this.tokenExpiry = 3600000; // 1 hour
  }

  /**
   * Generate CSRF token
   */
  generateToken() {
    return crypto.randomBytes(32).toString("hex");
  }

  /**
   * Create token for session
   */
  createToken(sessionId) {
    const token = this.generateToken();
    const expiry = Date.now() + this.tokenExpiry;

    this.tokens.set(sessionId, {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Best Practices

✅ DO

Use CSRF tokens for all state-changing operations
Set SameSite=Strict on cookies
Validate Origin/Referer headers
Use secure, random tokens
Implement token expiration
Use HTTPS only
Include tokens in AJAX requests
Test CSRF protection

❌ DON'T

Skip CSRF for authenticated requests
Use GET for state changes
Trust Origin header alone
Reuse tokens
Store tokens in localStorage
Allow credentials in CORS without validation

Related Skills

aj-geddes/zero-trust-architecture

development

VerifiedTrustedCommunity

Implement Zero Trust security model with identity verification, microsegmentation, least privilege access, and continuous monitoring. Use when building secure cloud-native applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

development

VerifiedTrustedCommunity

Prevent Cross-Site Scripting (XSS) attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content in web applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

tools

VerifiedTrustedCommunity

Create wireframes and interactive prototypes to visualize user interfaces and gather feedback early. Use tools and techniques to communicate design ideas before development.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation

development

VerifiedTrustedCommunity

Implement real-time bidirectional communication with WebSockets including connection management, message routing, and scaling. Use when building real-time features, chat systems, live notifications, or collaborative applications.

154SKILL.mdUpdated Apr 1, 2026

aj-geddes/websocket-implementation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aj-geddes/useful-ai-prompts.git

# Copy into Claude Code skills folder (global)
cp -r useful-ai-prompts/skills/csrf-protection ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aj-geddes/useful-ai-prompts

154 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

Adoption

aj-geddes/csrf-protection

$ install --global

Security Scan Results

SKILL.md

CSRF Protection

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T

Related Skills

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation

aj-geddes/csrf-protection

$ install --global

Security Scan Results

SKILL.md

CSRF Protection

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T

Related Skills

aj-geddes/zero-trust-architecture

aj-geddes/xss-prevention

aj-geddes/wireframe-prototyping

aj-geddes/websocket-implementation