robotti-io/input-validation-hardening
skills/input-validation-hardening/SKILL.md
Process for tightening input validation, canonicalization, and safe parsing to prevent injection and logic abuse.
$ install --global
skillsauthnpx skillsauth add robotti-io/copilot-security-instructions input-validation-hardeningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 10:56 PM3.9s1 file scanned
SKILL.md
- name:
- input-validation-hardening
- description:
- Process for tightening input validation, canonicalization, and safe parsing to prevent injection and logic abuse.
Input Validation Hardening
When to use
Use this skill when asked to validate inputs, harden request parsing, or prevent injection/abuse.
Inputs to collect (if available)
- Entry points (HTTP endpoints, consumers, file parsers)
- Data sensitivity and trust boundaries
- Existing validation libraries/patterns in the codebase
- Known attack/abuse cases (payloads, bypass attempts)
Step-by-step process
- Inventory inputs
- HTTP params/body/headers, file uploads, message payloads, env vars, CLI args
- Define schemas
- Prefer typed schemas (DTOs) and allow-lists
- Enforce length, charset, ranges, and required fields
- Canonicalize early
- Normalize encoding, trim, and apply consistent parsing (dates, IDs, enums)
- Validate before use
- Reject unknown fields if possible
- Ensure IDs map to authorized resources (ownership/tenant checks)
- Protect sinks
- Parameterize DB queries
- Avoid dynamic execution (eval, shell, template injection)
- Add tests
- Boundary tests (min/max), malformed inputs, and common payloads
Output
- Proposed schema(s)
- Where to enforce validation (middleware/controller boundary)
- Tests added/updated
Repo integration (optional)
Related prompts:
validate-input-handling.prompt.mdscan-for-insecure-apis.prompt.md
Output format
- Inventory: inputs and boundaries
- Proposed schema(s) (high-level)
- Enforcement point: where validation should occur
- Test plan: boundary + malicious inputs
Examples
- “Public JSON API” → reject unknown fields, enforce max sizes, and add negative tests for type confusion and oversized payloads.
Related Skills
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/access-control-review
testing
VerifiedTrustedCommunity
Analyze repository-grounded identity, access control, and authorization design with evidence-first reporting and script-validated Mermaid diagrams.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/dependency-cve-triage
content-media
VerifiedTrustedCommunity
Triage a dependency CVE using local repo evidence and remediation guidance.
39SKILL.mdUpdated Apr 19, 2026