coder-rust-security by ozerohax/assistagents

<skill_overview> Maintain Rust safety guarantees and reduce security risks Using unsafe code Handling untrusted input FFI boundaries Working with shared state The Rustonomicon - Meet Safe and Unsafe The Rustonomicon - What Unsafe Does </skill_overview> <safe_vs_unsafe> Prefer safe Rust; avoid unsafe unless strictly necessary Keep unsafe blocks small and well-audited Document invariants required by unsafe code </safe_vs_unsafe> <unsafe_boundaries> Validate all inputs to unsafe functions Wrap unsafe code in safe, minimal APIs Never create invalid values (bad enum discriminants, null fn pointers) </unsafe_boundaries> <input_validation> Treat external input as untrusted Parse into validated types (newtypes, enums) Fail fast on invalid input </input_validation> <secrets_handling> Do not log secrets or credentials Avoid keeping secrets in long-lived Strings </secrets_handling> <anti_patterns> Large unsafe blocks without invariants Parsing input without validation Logging sensitive data </anti_patterns>