---

name: security-practices description: Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

security-practices

Quick Start

1. All secrets in environment variables (never in config files)
2. Validate inputs at system boundaries
3. Sanitize error responses (no stack traces in production)
4. Use HTTPS for all external connections

Key Principles

• Environment variables for all secrets
• SSRF prevention (block internal IP ranges)
• Development vs Production mode separation
• Rigorous input validation

References

See rules.md for complete conventions.