Commit 9eb35ec

add a new metadata field for notes
1 parent 9a49fa9 commit 9eb35ec

4 files changed

Lines changed: 19 additions & 4 deletions

.claude/skills/secure-microsoft-word-validation/SKILL.md

Lines changed: 4 additions & 1 deletion
@@ -1,9 +1,12 @@
11
---
22
name: secure-microsoft-word-validation
3-
description: Generate secure microsoft word file validation code. Enforces secure generation of code validating a microsoft word file. Invoke when writing any microsoft word file validation related code. Remote template references and external linked-image/content relationships are not blocked by this skill so that legitimate Word templates and linked images remain usable. Apply network-level controls or a dedicated content-inspection layer to cover those vectors if needed.
3+
description: Generate secure microsoft word file validation code. Enforces secure generation of code validating a microsoft word file. Invoke when writing any microsoft word file validation related code. See "security-considerations" metadata for security limitations.
44
allowed-tools: Read Grep Glob
55
metadata:
66
category: security
7+
security-considerations:
8+
- Remote template references and external linked-image/content relationships are not blocked by this skill so that legitimate Word templates and linked images remain usable.
9+
- Apply network-level controls or a dedicated content-inspection layer to cover those vectors if needed.
710
---
811

912
# Secure Microsoft Word File Validation Code Generation Rules
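
Review bot: on new line 3, the description now only points to the "security-considerations" metadata, so anyone who reads the description alone no longer learns that remote template references and external linked-image/content relationships are not blocked. Consider keeping a short clause in the description (for example "Does not block remote templates or external linked content") and leaving the detail and the mitigation advice in the list on new lines 8-9.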

.claude/skills/secure-relative-url-validation/SKILL.md

Lines changed: 3 additions & 1 deletion
@@ -1,9 +1,11 @@
11
---
22
name: secure-relative-url-validation
3-
description: Generate secure relative url validation code for open redirect prevention. Intentionally strict — rejects valid but risky relative URL forms such as `../page`, `?query`, and `#anchor`. Invoke when writing any relative url validation related code.
3+
description: Generate secure relative url validation code for open redirect prevention. Enforces secure generation of code validating a relative url. Invoke when writing any relative url validation related code. See "security-considerations" metadata for strict validation behavior.
44
allowed-tools: Read Grep Glob
55
metadata:
66
category: security
7+
security-considerations:
8+
- Intentionally strict, it rejects valid but risky relative URL forms such as "../page", "?query", and "#anchor".
79
---
810

911
# Secure URL Validation Code Generation Rules
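
Review bot: the list item on new line 8 is an unquoted YAML scalar that contains double quotes and a `#` character ("#anchor"). It parses as written only because the `#` is not preceded by a space; wrapping the whole item in single quotes would keep it safe against later edits. The description on new line 3 also drops the explicit statement that `../page`, `?query` and `#anchor` are rejected, so a short "intentionally strict" clause there would keep the behaviour visible to anyone who reads only the description.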

CLAUDE.md

Lines changed: 10 additions & 2 deletions
@@ -20,9 +20,16 @@ description: ... # what it does and when to invoke it
2020
allowed-tools: Read Grep Glob # tools the skill may use without approval
2121
metadata:
2222
category: security # all skills in this repo use category: security
23+
security-considerations: # optional, provide information about threats not covered or strictness of controls applied.
24+
- ...
2325
```
2426
25-
Do not add fields outside the agentskills.io spec at the top level. Non-standard fields belong under `metadata`.
27+
Do not add fields outside the `agentskills.io` spec at the top level. Non-standard fields belong under `metadata`.
28+
29+
Mandatory or optional presence of fields in the section `metadata`:
30+
31+
- `security-considerations` is **optional**.
32+
- `category` is **mandatory**.
2633

2734
### Body structure
2835
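
Review bot: new lines 23-24 define `security-considerations` as a list, while `category` next to it is a plain string, and new line 27 still requires staying within the `agentskills.io` spec. Confirm that the spec accepts a list value under `metadata`; if it only allows string values, the field should be a single string. The optional/mandatory list on new lines 31-32 could also say what a missing `security-considerations` means (no known limitations, or not yet reviewed).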

@@ -34,6 +41,7 @@ Every skill must have:
3441
- A Java BAD/GOOD code example illustrating every rule.
3542
3. A `## 2. Output Checklist` section with one checkbox per rule.
3643
4. A `## References` section linking to one or several of the following authoritative sources: OWASP, PORTSWIGGER, MITRE, NIST, ANSSI, SANS, MICROSOFT, ECMA.
44+
5. A *Frontmatter section* fully valid according to the rules defined in the section `Frontmatter (valid fields only)`.
3745

3846
### Code snippet formatting rules
3947
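
Review bot: item 5 on new line 44 is appended to the "Every skill must have" list under `### Body structure`, but the frontmatter is not part of the body and it comes first in the file, not last. Consider moving the requirement to the top of the list or into the frontmatter section itself, and writing the reference as plain text rather than the italic *Frontmatter section*.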

@@ -53,7 +61,7 @@ Before adding or modifying a skill, verify:
5361
- Code snippets declare all variables they use.
5462
- Security gaps covered: No case is missing.
5563
- Skill follow a consistent `secure-<subject>-<action>` naming pattern.
56-
- Code snippets follow the formatting rules above (no 80-column wrapping, no alignment padding).
64+
- Code snippets follow the formatting rules defined into the section `Code snippet formatting rules` (no 80-column wrapping, no alignment padding).
5765

5866
## Validation
5967
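
Review bot: wording on new line 64: "defined into the section" should read "defined in the section". The unchanged line just above it ("Skill follow a consistent ...") has a similar slip and could be corrected to "Skills follow" in the same pass.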

README.md

Lines changed: 2 additions & 0 deletions
@@ -24,6 +24,8 @@
2424

2525
📄 The convention to create a skills is specified into the [CLAUDE.md](CLAUDE.md) file.
2626

27+
💡 If a skills has limitations or a specific behavior then it is documented into the `metadata` field named `security-considerations`.
28+
2729
## Commands
2830

2931
✅ In *Claude code* use the following commands:
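
Review bot: wording on new line 27: "If a skills has" should be "If a skill has", and "documented into" should be "documented in". Because CLAUDE.md marks the field as optional, it would help to state here that a skill without `security-considerations` simply has no documented limitation, so readers do not take the absence as a guarantee.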
