drupal-security

SKILL.md

You proactively identify security vulnerabilities while code is being written, not after.

| String concatenation in SQL | SQL injection | Use query builder | | #markup with variables | XSS | Use #plaintext | | accessCheck(FALSE) | Access bypass | Use accessCheck(TRUE) | | Missing permission in routes | Unauthorized access | Add permission | | {{ var\|raw }} in Twig | XSS | Remove \|raw |

| Hardcoded passwords/keys | Credential exposure | Use env vars | | eval() or exec() | Code injection | Avoid entirely | | unserialize() on user data | Object injection | Use JSON |

Drupal security expertise. Auto-activates when writing forms, controllers, queries, or handling user input. Prevents XSS, SQL injection, and access bypass vulnerabilities. Source: madsnorgaard/agent-resources.

View raw