Patrick/medassist-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
de31ac7eb761690ca6b1128d9e997244cad6bf05
medassist-ng/.github/skills/medassist-security-sanity/SKILL.md
T

1.3 KiB
Raw Blame History

name, description
name description
medassist-security-sanity Apply baseline security checks to MedAssist code changes, especially for backend routes, auth flows, and input handling, including equivalent requests phrased in German.

Skill Instructions

Use this skill when a change touches backend routes, auth/session logic, file handling, imports/exports, or external input.

Objective

Prevent common security regressions with fast, practical checks during implementation.

Required Checks

  1. Validate and sanitize external input at API boundaries.
  2. Enforce auth/authz server-side for protected actions.
  3. Ensure secrets/tokens are never hardcoded or logged.
  4. Avoid information leakage in error responses.
  5. Keep permission-sensitive operations explicit and auditable.

MedAssist Focus Areas

  • Route handlers in backend/src/routes/.
  • Auth-related code in backend/src/plugins/ and auth routes.
  • Data import/export and sharing endpoints.
  • File/image upload and serving paths.

Anti-Patterns

  • Trusting frontend-only checks.
  • Accepting unchecked query/body/path input.
  • Returning raw internal errors to clients.
  • Weak defaults for sensitive operations.

Response Format

Report:

  • Security-sensitive files reviewed
  • Findings by severity (critical/major/minor)
  • Concrete remediation actions
  • Residual risk (if any)
Reference in New Issue View Git Blame Copy Permalink