home/productivity/validate-input-handling-prompt

Validate Input Handling.prompt

GPTClaudeDeepSeek··1,314 copies·updated 2026-07-14
validate-input-handling-prompt.prompt
---
agent: "application-security-analyst"
name: validate-input-handling
description: "Audit input validation and sanitization boundaries and risks."
---

# 🛡️ Prompt: Input Validation & Sanitization Audit

## ✅ Context / Assumptions

- You can read project files in this workspace.
- Prefer evidence-first: cite file paths and (when possible) line ranges.
- Do **not** modify files; provide findings and remediation guidance only.

## 🔍 Procedure

1. Inventory untrusted inputs:
    - HTTP params/path/query/body/headers, file uploads, message payloads, env/CLI.
2. Identify validation boundaries:
    - middleware/controllers/DTO binding, schema validators.
3. Flag high-risk patterns:
    - unvalidated inputs reaching sensitive sinks (DB, templates, commands, file paths)
    - implicit coercion, missing bounds, regex ReDoS risk
    - missing allow-lists for enums/keys
4. Recommend hardening:
    - schema-based validation, canonicalization, rejecting unknown fields
    - contextual output encoding
5. Provide verification steps/tests for each fix.

## 📦 Output Format

Return Markdown with:

- **Summary**: top 3 validation gaps + overall risk
- **Findings** (repeat):
  - **Issue**:
  - **Severity / Likelihood**:
  - **Where**:
  - **Evidence**:
  - **Recommendation**:
  - **Verification**:
- **Suggested validation boundary**: where validation should live (and why)

## ✅ Quality checks

- Findings trace data flow from input → sink.
- Each recommendation is specific enough to implement.
- Evidence includes concrete code locations.

when to use it

Community prompt sourced from the open-source GitHub repo Robotti-io/copilot-security-instructions (Apache-2.0). A "Validate Input Handling.prompt" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.

tags

productivitycommunitydeveloper

source

Robotti-io/copilot-security-instructions · Apache-2.0