<skill_overview>
Maintain Rust safety guarantees and reduce security risks
Applies when: using unsafe code, handling untrusted input, crossing FFI boundaries, working with shared state
References:
The Rustonomicon - Meet Safe and Unsafe
The Rustonomicon - What Unsafe Does
</skill_overview>
<safe_vs_unsafe>
Prefer safe Rust; avoid unsafe unless strictly necessary
Keep unsafe blocks small and well-audited
Document the invariants required by each unsafe block (a SAFETY comment stating what must hold and why it does)
</safe_vs_unsafe>
<unsafe_boundaries>
Validate all inputs to unsafe functions before the unsafe block runs
Wrap unsafe code in safe, minimal APIs that enforce the invariants themselves
Never create invalid values (out-of-range enum discriminants, null fn pointers, uninitialized or unaligned references)
</unsafe_boundaries>
<input_validation>
Treat external input as untrusted
Parse into validated types (newtypes, enums) so that a value's existence proves it was checked
Fail fast on invalid input with an explicit error rather than a silent default
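A worked example added here to illustrate the unsafe_boundaries and input_validation guidance together (it is not part of the original skill text). It assumes a constructed wire frame format: one kind byte, a two-byte big-endian payload length, then the payload. The kind byte is converted to an enum through a checked `TryFrom` instead of `transmute` (which would be undefined behaviour for any value outside the declared discriminants), the frame is parsed into a validated type, and the single unsafe block is wrapped in a safe function whose invariant is checked right beside it.

```rust
use std::convert::TryFrom;

/// Frame kinds as they appear on the wire. Only 0..=2 are valid bit patterns, so
/// `unsafe { transmute::<u8, Kind>(b) }` on an arbitrary byte would be UB; the
/// checked conversion below is the only way to construct one from input.
#[repr(u8)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { Ping = 0, Data = 1, Close = 2 }

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError { Truncated, BadKind(u8), BadLength { declared: usize, available: usize } }

impl TryFrom<u8> for Kind {
    type Error = ParseError;
    fn try_from(b: u8) -> Result<Self, ParseError> {
        match b {
            0 => Ok(Kind::Ping),
            1 => Ok(Kind::Data),
            2 => Ok(Kind::Close),
            other => Err(ParseError::BadKind(other)), // fail fast, never a default
        }
    }
}

/// A validated frame: holding one proves the kind was valid and the payload
/// length matched the header. (Constructed format, assumed for this example.)
#[derive(Debug)]
pub struct Frame<'a> { pub kind: Kind, pub payload: &'a [u8] }

pub fn parse_frame(input: &[u8]) -> Result<Frame<'_>, ParseError> {
    if input.len() < 3 { return Err(ParseError::Truncated); }
    let kind = Kind::try_from(input[0])?;
    let len = u16::from_be_bytes([input[1], input[2]]) as usize;
    let body = &input[3..];
    if body.len() < len {
        return Err(ParseError::BadLength { declared: len, available: body.len() });
    }
    Ok(Frame { kind, payload: &body[..len] })
}

/// Safe, minimal API around an unsafe operation: the caller cannot reach the
/// unsafe block with an out-of-range index, and the invariant is documented.
pub fn payload_byte(frame: &Frame<'_>, i: usize) -> Option<u8> {
    if i >= frame.payload.len() { return None; }
    // SAFETY: `i < frame.payload.len()` was checked immediately above.
    Some(unsafe { *frame.payload.get_unchecked(i) })
}
```

Trailing bytes beyond the declared length are deliberately ignored rather than rejected here; a stricter parser would return an error for them.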
</input_validation>
<secrets_handling>
Do not log secrets or credentials
Avoid keeping secrets in long-lived Strings; hold them in a dedicated type that is zeroized on drop
</secrets_handling>
<anti_patterns>
Large unsafe blocks without documented invariants
Parsing input without validation
Logging sensitive data
</anti_patterns>