security-hardening
// AIDefence security layer with prompt injection blocking, input validation, sandboxed execution, output sanitization, and STRIDE threat modeling.
$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namesecurity-hardening
descriptionAIDefence security layer with prompt injection blocking, input validation, sandboxed execution, output sanitization, and STRIDE threat modeling.
allowed-toolsRead, Write, Edit, Bash, Grep, Glob, WebFetch, WebSearch, Agent, AskUserQuestion
Security Hardening
Overview
Multi-layered security audit pipeline implementing the AIDefence architecture. Protects against prompt injection, path traversal, and other attack vectors while ensuring compliance with security best practices.
When to Use
- Before deploying code to production
- When processing untrusted inputs
- Security audits of agent-generated code
- Compliance verification (OWASP Top 10, CIS)
AIDefence Layers
- Prompt Injection Detection - Pattern + heuristic blocking
- Input Validation - Path traversal, type coercion, parameter sanitization
- Static Analysis (SAST) - Vulnerability scanning, CWE matching
- Sandboxed Execution - Network isolation, filesystem restrictions, resource limits
- Output Sanitization - Secrets, PII, injection vector redaction
Security Levels
| Level | Layers | Use Case |
|---|---|---|
| standard | SAST + validation + sanitization | Routine audits |
| elevated | + threat modeling + compliance | Pre-release audits |
| maximum | + sandbox + full STRIDE + remediation | Critical systems |
Agents Used
agents/security-auditor/- Vulnerability detectionagents/reviewer/- Code quality verification
Tool Use
Invoke via babysitter process: methodologies/ruflo/ruflo-security-audit