secure-coding

Solid

Apply security-conscious thinking when generating or modifying code. This skill enforces trust boundary awareness, input validation, injection prevention, secrets management, and defense-in-depth authorization. Use it when generating code that handles user input, authentication, authorization, database queries, external APIs, or file operations, or when the user mentions 'security review', 'secure this', 'check for vulnerabilities', 'trust boundary', 'input validation', or 'OWASP'. It governs the security posture of generated code only: architecture is covered by the architecture skill and code craft by the clean-code skill.

Code & Development 134 stars 8 forks Updated 3 days ago MIT


Quality Score: 87/100

- Stars (20%): 71
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Secure Coding

## Config Resolution

This skill supports project-specific customization. Resolution order:

1. Look for `.lattice/config.yaml` in the repository root.
2. If it is found, check `paths.secure_coding` for a custom document path.
3. If the custom path exists, read that document and check its YAML frontmatter for `mode`:
   - **`mode: override`** (or no `mode`): the custom document takes full precedence and is used instead of the embedded default. It must be comprehensive, since it becomes the sole reference.
   - **`mode: overlay`**: read the embedded `./references/defaults.md` first, then apply the custom document's sections on top. Custom sections replace the default sections with a matching heading; new sections are appended after the defaults.
4. If there is no config, no path, or the path does not resolve, read `./references/defaults.md`.
5. **Language adaptation**: if `paths.language_idioms` exists in the config, read its **"Error Handling"** section and adapt the error-message patterns of §1 (Trust Boundary Identification) to the language's idioms. Language idioms take precedence over the pseudocode defaults.

The defaults ship with the skill and represent opinionated best practice; they work out of the box for any project. Override them only when the team has a specific standard that differs from the defaults.

## Self-Validation Checklist

STOP after generating each component and verify ALL of the following before proceeding. If a check clearly fails, fix the code before presenting it. If a check is a judgment call with multiple valid approaches (see Ambiguity Signals), flag it: present the options and the reasoning rather than choosing silently.

1. **TRUST BOUNDARIES**: Where does trusted code meet untrusted data? Are all boundaries explicitly identified?
2. **INP...

Details

- Author: techygarg
- Repository: techygarg/lattice
- Created: 3 months ago
- Last Updated: 3 days ago
- Language: Shell
- License: MIT
