<?xml version="1.0" encoding="utf-8"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>General on security-recipes.ai</title><link>https://security-recipes.ai/prompt-library/general/</link><description>Recent content in General on security-recipes.ai</description><language>en-us</language><atom:link href="https://security-recipes.ai/prompt-library/general/index.xml" rel="self" type="application/rss+xml"/><item><title>SOC 2 change-management evidence check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/soc2-change-management-evidence-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/soc2-change-management-evidence-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for mapping repository changes, reviews, and agent runs to SOC 2 change-management evidence.</description></item><item><title>ISO 27001 secure-development evidence check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/iso27001-secure-development-evidence-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/iso27001-secure-development-evidence-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for collecting ISO 27001 secure-development, configuration, supplier, and access-control evidence from a repository.</description></item><item><title>PCI DSS CDE and agent boundary check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/pci-dss-cde-agent-boundary-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/pci-dss-cde-agent-boundary-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for checking whether agents, CI, logs, and repositories cross cardholder-data environment boundaries.</description></item><item><title>NIST SSDF repository evidence check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/nist-ssdf-repo-evidence-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/nist-ssdf-repo-evidence-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for mapping repository evidence to NIST SSDF practices and producing a secure-development gap report.</description></item><item><title>CIS Controls safeguard implementation check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/cis-controls-safeguard-implementation-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/cis-controls-safeguard-implementation-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for checking repository and workflow evidence against CIS Controls safeguard themes.</description></item><item><title>SLSA provenance evidence check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/slsa-provenance-evidence-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/slsa-provenance-evidence-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for checking build provenance, artifact integrity, and supply-chain evidence against SLSA expectations.</description></item><item><title>AI governance oversight evidence check</title><link>https://security-recipes.ai/prompt-library/general/compliance-standards/ai-governance-oversight-evidence-check/</link><guid>https://security-recipes.ai/prompt-library/general/compliance-standards/ai-governance-oversight-evidence-check/</guid><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate><description>Read-only recipe for collecting human oversight, model-provider, logging, and risk-classification evidence for AI-enabled workflows.</description></item><item><title>DeFi reentrancy and callback hardening</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-reentrancy-and-callback-hardening/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-reentrancy-and-callback-hardening/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to harden DeFi contracts that make external calls, transfer tokens, or rely on callback-capable standards.</description></item><item><title>DeFi admin-key and role blast-radius review</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-admin-key-and-role-blast-radius-review/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-admin-key-and-role-blast-radius-review/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to reduce the damage a compromised admin key, overbroad role, or rushed governance action can cause in a DeFi protocol.</description></item><item><title>ERC-4626 vault inflation and rounding guardrails</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/erc4626-vault-inflation-and-rounding-guardrails/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/erc4626-vault-inflation-and-rounding-guardrails/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to harden ERC-4626 vaults and vault-like share systems against first-depositor inflation, donation attacks, and unsafe rounding.</description></item><item><title>Permit and meta-transaction replay guardrails</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/permit-and-meta-transaction-replay-guardrails/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/permit-and-meta-transaction-replay-guardrails/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to prevent signature replay across chains, contracts, forks, functions, and repeated permit or meta-transaction execution.</description></item><item><title>Cross-chain message authenticity guardrails</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/cross-chain-message-authenticity-guardrails/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/cross-chain-message-authenticity-guardrails/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to harden cross-chain message handlers against forged payloads, chain replay, untrusted relayers, and missing proof checks.</description></item><item><title>DEX slippage and MEV guardrails</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/dex-slippage-and-mev-guardrails/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/dex-slippage-and-mev-guardrails/</guid><pubDate>Sun, 14 Jun 2026 00:00:00 GMT</pubDate><description>Use this prompt to harden swaps, liquidations, rebalances, and routing flows against missing slippage checks and predictable-ordering risk.</description></item><item><title>Source code audit - attack surface map</title><link>https://security-recipes.ai/prompt-library/general/source-code-attack-surface-map/</link><guid>https://security-recipes.ai/prompt-library/general/source-code-attack-surface-map/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A tool-agnostic source-code audit recipe that asks an agent to map where untrusted input enters a repository, where privileged actions happen, and which trust boundaries deserve deeper review.</description></item><item><title>Source code audit - auth and tenant boundaries</title><link>https://security-recipes.ai/prompt-library/general/source-code-authz-tenant-boundary-audit/</link><guid>https://security-recipes.ai/prompt-library/general/source-code-authz-tenant-boundary-audit/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A focused source-code audit recipe for authorization, tenant isolation, object ownership, and privilege-boundary mistakes. It is designed for code review sessions where the question is not &quot;is there …</description></item><item><title>CVE intelligence intake gate</title><link>https://security-recipes.ai/prompt-library/general/cve-intelligence-intake-gate/</link><guid>https://security-recipes.ai/prompt-library/general/cve-intelligence-intake-gate/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A tool-agnostic prompt that turns a fresh CVE, GHSA, OSV, vendor bulletin, scanner alert, or ticket into one of five bounded outcomes:</description></item><item><title>Source code audit - injection and unsafe sinks</title><link>https://security-recipes.ai/prompt-library/general/source-code-injection-sink-audit/</link><guid>https://security-recipes.ai/prompt-library/general/source-code-injection-sink-audit/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A source-code audit recipe for tracing untrusted input into dangerous sinks: SQL, shell, template rendering, SSRF, deserialization, file paths, regular expressions, dynamic evaluation, and …</description></item><item><title>Source code audit - secrets and data exposure</title><link>https://security-recipes.ai/prompt-library/general/source-code-secrets-data-exposure-audit/</link><guid>https://security-recipes.ai/prompt-library/general/source-code-secrets-data-exposure-audit/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A source-code audit recipe for finding places where secrets, tokens, credentials, regulated data, or customer content can leak through code, logs, telemetry, prompts, artifacts, exports, caches, or …</description></item><item><title>Source code audit - dependency and build integrity</title><link>https://security-recipes.ai/prompt-library/general/source-code-supply-chain-build-integrity-audit/</link><guid>https://security-recipes.ai/prompt-library/general/source-code-supply-chain-build-integrity-audit/</guid><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate><description>A source-code audit recipe for dependency hygiene, lockfile integrity, build and CI trust boundaries, generated artifacts, package publishing, and release provenance.</description></item><item><title>Hot-wallet transaction policy enforcement</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/hot-wallet-transaction-policy-enforcement/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/hot-wallet-transaction-policy-enforcement/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to harden a hot-wallet signing pipeline so unsafe transactions are blocked before they can be signed.</description></item><item><title>Crypto payment address integrity checks</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/crypto-payment-address-integrity-check/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/crypto-payment-address-integrity-check/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to prevent destination-address substitution and address-poisoning mistakes in crypto payment systems.</description></item><item><title>Seed phrase and key-material purge</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/seed-phrase-and-key-material-purge/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/seed-phrase-and-key-material-purge/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to locate and remove exposed wallet seed phrases, private keys, and signing credentials from code and operational systems.</description></item><item><title>Smart-contract upgrade diff risk review</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/smart-contract-upgrade-diff-risk-review/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/smart-contract-upgrade-diff-risk-review/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to review upgrade diffs and enforce invariant checks before smart-contract changes are approved.</description></item><item><title>DeFi oracle manipulation guardrails</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-oracle-manipulation-guardrails/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-oracle-manipulation-guardrails/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to add and verify protections against oracle-based price manipulation in DeFi execution paths.</description></item><item><title>Bridge and multisig emergency response</title><link>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-bridge-and-multisig-emergency-response/</link><guid>https://security-recipes.ai/prompt-library/general/crypto-defi/defi-bridge-and-multisig-emergency-response/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Use this prompt to codify emergency response for bridge and multisig incidents where rapid containment is required.</description></item><item><title>PHP object deserialization — `unserialize` on untrusted data</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/php-unserialize/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/php-unserialize/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Replace unsafe `unserialize` usage with JSON or strict allowed-class deserialization; add tests that preserve payload behavior.</description></item><item><title>Ruby unsafe deserialization — `Marshal.load` / `YAML.load`</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/ruby-marshal-yaml-load/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/ruby-marshal-yaml-load/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Replace `Marshal.load` and unsafe YAML loading with safe parsers, typed coercion, and strict migration tests.</description></item><item><title>SAST finding — triage and fix</title><link>https://security-recipes.ai/prompt-library/general/sast-finding-triage-and-fix/</link><guid>https://security-recipes.ai/prompt-library/general/sast-finding-triage-and-fix/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic prompt that takes a single SAST finding and either opens a reviewer-ready PR (true positive, fixable), opens a suppression PR with justification and an expiry (confirmed false …</description></item><item><title>Base image — bump and rebuild</title><link>https://security-recipes.ai/prompt-library/general/base-image-bump/</link><guid>https://security-recipes.ai/prompt-library/general/base-image-bump/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic prompt that takes a CVE finding scoped to a base image or an OS-package layer, and produces a reviewer-ready PR that bumps the FROM line (or the package install layer), rebuilds the …</description></item><item><title>Compromised package — cache quarantine</title><link>https://security-recipes.ai/prompt-library/general/compromised-package-cache-quarantine/</link><guid>https://security-recipes.ai/prompt-library/general/compromised-package-cache-quarantine/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic prompt that takes a &quot;this package is malicious&quot; advisory and runs the eviction across the org&#39;s registries, caches, and mirrors — quarantining the artifact, verifying the purge …</description></item><item><title>Agent session — telemetry-driven kill rules</title><link>https://security-recipes.ai/prompt-library/general/agent-session-kill-rules/</link><guid>https://security-recipes.ai/prompt-library/general/agent-session-kill-rules/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic prompt that takes a workflow&#39;s run telemetry and a draft set of decision rules, and produces (a) a vetted rule pack the session monitor can load and (b) a synthetic red-team exercise …</description></item><item><title>Python pickle / dill on untrusted input</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/python-pickle/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/python-pickle/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Replace pickle on untrusted input; mitigate via a restricted unpickler with an explicit class allowlist.</description></item><item><title>PyYAML `yaml.load` without a safe Loader</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/pyyaml-load/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/pyyaml-load/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Default to `yaml.safe_load`; install an import-time shim that defaults the loader for legacy callers.</description></item><item><title>Java ObjectInputStream and friends</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/java-deserialization/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/java-deserialization/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Replace with JSON serializers; mitigate via JEP 290 deserialization filters with a strict class allowlist.</description></item><item><title>XML external entities (XXE) — parser defaults</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/xxe-xml-defaults/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/xxe-xml-defaults/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Per-language parser hardening: defusedxml for Python, factory feature flags for Java, libxml entity-loading off in PHP.</description></item><item><title>JWT — `alg: none` and algorithm confusion</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/jwt-alg-none/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/jwt-alg-none/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Force an explicit algorithm allowlist on every verify call; reject `none` at the import boundary.</description></item><item><title>JavaScript `eval()` / `new Function()` on untrusted input</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/eval-and-function-constructor/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/eval-and-function-constructor/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Replace with parsers or restricted evaluators; add a CSP `script-src` ban on `unsafe-eval` for browser code.</description></item><item><title>Disabled TLS verification — `verify=False` and friends</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/requests-verify-false/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/requests-verify-false/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Install the right CA bundle; add a fail-closed shim that refuses `verify=False` outside an opt-in test environment.</description></item><item><title>Prototype pollution — `merge`, `assign`, and friends</title><link>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/prototype-pollution-merge/</link><guid>https://security-recipes.ai/prompt-library/general/classic-vulnerable-defaults/prototype-pollution-merge/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Filter `__proto__` / `constructor` / `prototype` keys at parse boundaries; replace hand-rolled merges with vetted utilities.</description></item><item><title>OWASP Top 10 (2026) — repo audit</title><link>https://security-recipes.ai/prompt-library/general/owasp-top-10-2026-audit/</link><guid>https://security-recipes.ai/prompt-library/general/owasp-top-10-2026-audit/</guid><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic hunt prompt that walks an agent through a structured audit of a repository against every category in the OWASP Top 10 (2026 iteration). The output is a prioritised report with …</description></item><item><title>OWASP Top 10:2025 — repo audit</title><link>https://security-recipes.ai/prompt-library/general/owasp-top-10-2025-audit/</link><guid>https://security-recipes.ai/prompt-library/general/owasp-top-10-2025-audit/</guid><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic hunt prompt that walks an agent through a structured audit of a repository against every category in the OWASP Web Application Top 10:2025. As of 2026-05-02, OWASP&#39;s official …</description></item><item><title>OWASP Top 10 (2026) — remediate</title><link>https://security-recipes.ai/prompt-library/general/owasp-top-10-2026-remediate/</link><guid>https://security-recipes.ai/prompt-library/general/owasp-top-10-2026-remediate/</guid><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic remediation prompt that takes a single finding from an OWASP Top 10 (2026) audit — or any equivalent source — and turns it into a reviewer-ready pull request. Includes …</description></item><item><title>OWASP Top 10:2025 — remediate</title><link>https://security-recipes.ai/prompt-library/general/owasp-top-10-2025-remediate/</link><guid>https://security-recipes.ai/prompt-library/general/owasp-top-10-2025-remediate/</guid><pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate><description>A tool-agnostic remediation prompt that takes a single finding from an OWASP Web Application Top 10:2025 audit — or any equivalent source — and turns it into a reviewer-ready pull request. Includes …</description></item></channel></rss>