Skip to main content

security-sensitive-api

Use this skill when work touches request authentication, deploy/session authorization, secrets handling, or other trust-boundary logic.

Guardrails:

Keep deploy preflight/status paths read-only.
Require machine auth for internal Solana mutation paths.
Add or update allow/deny tests whenever the trust boundary changes.