Security First
by Roy Yuen
Prevent vulnerabilities before they happen by forcing early security framing and secure-by-default design patterns.
Free
Works with the AI tools you already use
About this skill
What it does
Security First is a preventive guardrail designed to bake security into the development lifecycle before the first line of code is even written. Instead of performing retrospective audits, this skill forces your AI agent to identify trust boundaries, surface security assumptions, and define verification steps during the planning phase.
Why use this skill
Standard LLMs often prioritize functionality over safety, frequently suggesting insecure defaults or overlooking edge cases like untrusted input and session handling. This skill shifts security "left" by requiring a structured analysis of the attack surface relevant to your specific task. It ensures that authentication, authorization, and data handling are treated as first-class requirements rather than afterthoughts.
Supported workflows
- Trust Boundary Mapping: Identifies actors, privileges, and sensitive data flows.
- Secure Defaults: Enforces the principle of least privilege and minimum secure design.
- Attack Surface Reduction: Evaluates webhooks, file storage, and infrastructure exposure.
- Pre-implementation Verification: Defines the exact tests needed to prove security properties.
The Output
The result is a concise, actionable security brief tailored to your current task. It avoids generic OWASP dumps in favor of specific risks, explicit assumptions, and a concrete verification plan to guide the coding process.
Details
How to install
Drop the file into your AI Agent. Works with Claude, Cursor, ChatGPT, and 20+ more.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected
Creator
Frequently Asked Questions
Browse More Skills
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.
code-reviewer
Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

humanize-writing
Transform robotic AI drafts into natural, human-sounding prose with native-level flow and tone.

prompt-engineer
Professional prompt engineering patterns for building robust, secure, and production-ready LLM applications.