security
Skill by tale-project
Secure-coding practice for Tale — the OWASP boundary checklist, the blocking SAST gate (Opengrep), boundary validation with Zod, secret handling, and the sandbox SSRF egress model. Read before touching a request handler, the file system, or a shell; handling secrets or auth; fixing a SAST finding; or working on the sandbox egress. For a full review pass use the built-in security-review skill.
Details
- Path: .claude/skills/security/SKILL.md