CLAUDE.md · CLAUDE.md (Project)
Security Guidelines
Security rules Claude Code should follow
security, guidelines, safety
Template content
# Security Rules

- Never hardcode secrets, API keys, or credentials
- Use environment variables for all sensitive config
- Sanitize all user inputs before database queries
- Use parameterized queries, never string concatenation for SQL
- Validate file paths to prevent directory traversal
- Set appropriate CORS headers
- Use HTTPS for all external API calls
- Never log sensitive data (passwords, tokens, PII)
- Follow principle of least privilege for file/API access