Agent Skills
› NeverSight/learn-skills.dev
› security-privacy
security-privacy
GitHub用于代码变更前的安全与隐私检查。适用于涉及用户数据、身份认证、日志记录或外部集成的场景,确保符合最小权限原则,防止PII泄露及密钥硬编码,保障边界安全设计。
Trigger Scenarios
添加、读取或写入用户/工作区数据
修改身份认证、权限控制、Firebase规则或外部API调用
新增日志、分析、遥测或错误报告功能
Install
npx skills add NeverSight/learn-skills.dev --skill security-privacy -g -y
SKILL.md
Frontmatter
{
"name": "security-privacy",
"description": "Pre-flight security & privacy checklist for changes touching identity, data, logging, or external integrations; ensures secrets\/PII hygiene and boundary-safe design."
}
Security & Privacy (Pre-flight)
Use when
- Adding/reading/writing user/workspace data.
- Touching identity/auth, permissions, Firebase rules, or external APIs.
- Adding logging, analytics, telemetry, or error reporting.
Workflow
- Identify data: what fields are PII, where stored, retention expectations.
- Identify trust boundaries: browser ↔ Firebase/backend; who can call what.
- Minimize & redact: remove unnecessary fields; ensure logs/errors redact secrets/PII.
- Validate inputs at the edge; keep Domain pure.
- Confirm least privilege: tokens, rules, and access paths.
Output checklist
- No secrets in repo, fixtures, or logs.
- No PII in logs/errors/templates.
- Clear authorization point (not scattered across UI).
- Deletion path does not leave access holes.
References
.github/instructions/65-security-privacy-copilot-instructions.md
Version History
- e0220ca Current 2026-07-05 21:27


