> php-security
PHP security standards for database access, password handling, and input validation. Use when securing PHP apps against SQL injection, XSS, or weak password storage. (triggers: **/*.php, pdo, password_hash, htmlentities, filter_var)
curl "https://skillshub.wtf/HoangNguyen0403/agent-skills-standard/php-security?format=md"
PHP Security
Priority: P0 (CRITICAL)
Structure
src/
└── Security/
    ├── Validators/
    └── Auth/
Implementation Guidelines
- Prepared Statements: Use PDO exclusively. Never concatenate SQL.
- Type Binding: Apply bindParam() with PDO constants.
- Password Hashing: Use password_hash() with PASSWORD_ARGON2ID.
- Verify Securely: Use password_verify() for all authentication.
- XSS Escaping: Apply htmlentities($data, ENT_QUOTES, 'UTF-8') to all user output.
- Input Filtering: Use filter_var() for types (email, URL, int).
- CSRF Protection: Require tokens for all state-changing requests.
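The guidelines above combined in one register/login flow, as an added example that is not part of the original skill. The users table, the register() and login() helpers, and the sample inputs are hypothetical; it assumes the pdo_sqlite extension and falls back to PASSWORD_DEFAULT on PHP builds without Argon2 support.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');

// Assumption: Argon2id is only defined on builds with Argon2 support.
$algo = defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_DEFAULT;

// Hypothetical helper: validate the email, hash the password, insert via a prepared statement.
function register(PDO $pdo, string $rawEmail, string $password, $algo): bool
{
    // Input filtering: reject anything that is not a syntactically valid email.
    $email = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $hash = password_hash($password, $algo);
    $stmt = $pdo->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    // Type binding with PDO constants; bindParam() binds the variables by reference.
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->bindParam(':hash', $hash, PDO::PARAM_STR);
    return $stmt->execute();
}

// Hypothetical helper: look the user up with a bound parameter, then verify the hash.
function login(PDO $pdo, string $rawEmail, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE email = :email');
    $stmt->bindParam(':email', $rawEmail, PDO::PARAM_STR);
    $stmt->execute();
    $hash = $stmt->fetchColumn(); // false when no row matches
    // password_verify() reads the algorithm and salt from the stored hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a valid user, an invalid email, and a value containing SQL metacharacters.
var_dump(register($pdo, 'alice@example.com', 'correct horse battery', $algo));
var_dump(register($pdo, 'not-an-email', 'x', $algo));
var_dump(login($pdo, 'alice@example.com', 'correct horse battery'));
var_dump(login($pdo, "' OR '1'='1", 'anything'));

// XSS escaping happens at output time, with quotes encoded as well.
echo htmlentities('"Tom" & <b>\'Jerry\'</b>', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The bound value containing quotes is treated as data, so it matches no row and the query text never changes.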
Anti-Patterns
- Raw SQL: No Concat: Never build queries with string concatenation.
- Weak Hashing: No MD5/SHA1: Use modern algorithms only.
- Trusting $_GET: No Raw Input: Always validate external data.
- Error Exposure: No Production Errors: Log errors; don't display them.