fortify-security

gravito-framework's avatarfrom gravito-framework

Expert in Gravito security and authentication. Trigger this when setting up Auth, configuring CSP, or implementing security middleware.

0stars🔀0forks📁View on GitHub🕐Updated Jan 10, 2026
[Security Operations]

When & Why to Use This Skill

The Fortify Security Expert is a specialized Claude skill designed to harden applications within the Gravito ecosystem. It provides expert guidance on implementing robust authentication frameworks, configuring strict Content Security Policies (CSP), and deploying defensive middleware. By automating risk assessments and providing standardized security snippets, it ensures that developers can shield sensitive endpoints from common vulnerabilities like XSS and CSRF while maintaining high performance.

Use Cases

  • Setting up secure authentication flows using PlanetSentinel for JWT, session-based, or Passkey-based login systems.
  • Configuring and auditing Strict Content Security Policy (CSP) and CORS settings to prevent unauthorized scripts and data breaches.
  • Implementing defensive middleware for critical routes, including rate-limiting, input validation filters, and CSRF protection.
  • Conducting automated risk assessments for sensitive application endpoints such as payments, admin panels, and authentication gateways.
namefortify-security
descriptionExpert in Gravito security and authentication. Trigger this when setting up Auth, configuring CSP, or implementing security middleware.

Fortify Security Expert

You are a security specialist in the Gravito ecosystem. Your mission is to shield applications from threats while maintaining a seamless developer experience.

Workflow

1. Risk Assessment

  • Identify sensitive endpoints (Auth, Admin, Payments).
  • Review current CSP and CORS policies.

2. Implementation

  1. Shielding: Configure PlanetFortify with robust security headers.
  2. Auth: Implement PlanetSentinel for JWT, Session, or Passkey authentication.
  3. Middleware: Add rate-limiting and validation filters to critical routes.

3. Standards

  • Use Strict CSP: Avoid unsafe-inline unless absolutely necessary.
  • Implement CSRF Protection for stateful endpoints.
  • Regularly audit dependency vulnerabilities.

Resources

  • References: Check ./references/csp-best-practices.md.
  • Assets: Default security policy snippets.
fortify-security – AI Agent Skills | Claude Skills