Skills
Vibe Coding OWASP Security Rules File + Chain-of-Thought Security Prompting Reduces AI-Generated Vulnerabilities
45% of AI-generated code contains OWASP Top 10 vulnerabilities (Tenzai Dec 2025 study: 69 vulns across 5 tools, every tool introduced SSRF, zero built CSRF protection). Two complementary defenses: (1) Add Wiz Research's open-source language-specific security rules to claude.md/.windsurfrules—published on GitHub for Python, JS, Go, Ruby; (2) Prefix code generation prompts with 'reason through security implications before writing code' (CoT security). Add Semgrep with OWASP Top 10 ruleset to CI (~30 min setup) as the enforcement layer.
Source
↳ Follow the thread