What is security-hardening in this skill?

A multi-layer security audit pipeline that blocks prompt injection, validates inputs, sandboxes execution, sanitizes outputs, and applies STRIDE threat modeling.

Which levels does it support and when to use them?

standard uses SAST plus validation and sanitization for routine audits; elevated adds threat modeling and compliance checks for pre-release audits; maximum includes a full sandbox, STRIDE coverage, and remediation for critical systems.

Which agents and tools are used?

Agents/security-auditor for vulnerability detection and Agents/reviewer for code quality verification, invoked via the babysitter process.

security-hardening

Scanned

npx machina-cli add skill a5c-ai/babysitter/security-hardening --openclaw

Files (1)

SKILL.md

1.6 KB

Security Hardening

Overview

Multi-layered security audit pipeline implementing the AIDefence architecture. Protects against prompt injection, path traversal, and other attack vectors while ensuring compliance with security best practices.

When to Use

Before deploying code to production
When processing untrusted inputs
Security audits of agent-generated code
Compliance verification (OWASP Top 10, CIS)

AIDefence Layers

Prompt Injection Detection - Pattern + heuristic blocking
Input Validation - Path traversal, type coercion, parameter sanitization
Static Analysis (SAST) - Vulnerability scanning, CWE matching
Sandboxed Execution - Network isolation, filesystem restrictions, resource limits
Output Sanitization - Secrets, PII, injection vector redaction

Security Levels

Level	Layers	Use Case
standard	SAST + validation + sanitization	Routine audits
elevated	+ threat modeling + compliance	Pre-release audits
maximum	+ sandbox + full STRIDE + remediation	Critical systems

Agents Used

agents/security-auditor/ - Vulnerability detection
agents/reviewer/ - Code quality verification

Tool Use

Invoke via babysitter process: methodologies/ruflo/ruflo-security-audit

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/methodologies/ruflo/skills/security-hardening/SKILL.md

View on GitHub

Overview

Multi-layer security audit pipeline implementing the AIDefence architecture. It protects against prompt injection, path traversal, and other attack vectors while ensuring compliance with security best practices.

How This Skill Works

Operates as part of the babysitter process, applying layered checks in order: prompt injection detection, input validation, SAST, sandboxed execution, and output sanitization. At advanced levels, STRIDE threat modeling adds remediation guidance for critical systems.

When to Use It

Before deploying code to production
When processing untrusted inputs
Security audits of agent-generated code
Compliance verification (OWASP Top 10, CIS)
Pre-release audits and critical-system reviews

Quick Start

Step 1: Invoke the audit via babysitter with methodologies/ruflo/ruflo-security-audit
Step 2: Run the security-hardening checks across target code or prompts
Step 3: Review findings from security-auditor and reviewer and implement fixes

Best Practices

Model and document all threat vectors using STRIDE
Enforce strict input validation and sanitize all inputs
Use sandboxed execution with network/file system restrictions
Redact secrets and PII from outputs
Run automated SAST and vulnerability scanning as part of the pipeline

Example Use Cases

Auditing a chatbot prompt flow to block injections
Blocking path traversal via sanitized file path inputs
Sandbox testing of agent-generated code with resource limits
Redacting secrets in assistant responses before delivery
Aligning audits with OWASP Top 10 and CIS controls in pre-release

Frequently Asked Questions

Add this skill to your agents