REDDIT // 7h ago // OPENSOURCE RELEASE
Claude Code secure-dev skill targets APIs, auth
A new Claude Code skill packages security guidance for everyday dev tasks, auto-triggering around APIs, auth, secrets, CI/CD, LLM integrations, and production deploys. The repo bundles secure SDLC references spanning planning, architecture, coding, testing, monitoring, and compliance.
// ANALYSIS
This is a useful codification of “shift security left” for agentic coding: instead of treating security as a late-stage checklist, it tries to make secure defaults part of the workflow itself.
- The strongest angle is breadth: it covers the full SDLC, not just secure coding, which makes it more practical for real projects.
- The LLM-specific material is timely; prompt injection, OpenAPI hardening, and AI integration are areas many generic security guides still miss.
- The big question is enforcement: a skill can nudge better behavior, but it won’t replace threat modeling, review gates, or runtime controls in a serious production environment.
- As an early open-source repo release, it looks more like a solid foundation and reusable playbook than a mature, battle-tested product.
- The most obvious gaps to add would be cloud IAM hardening patterns, dependency/provenance controls, and concrete org-policy examples for teams shipping regulated systems.
// TAGS
secure-development-skill, claude-code, cli, api, llm, agent, open-source, automation
DISCOVERED: 7h ago (2026-04-17)
PUBLISHED: 8h ago (2026-04-17)
RELEVANCE: 8/10
AUTHOR: impa1ct