Covers the essentials for locking down Quarkus apps: JWT and OIDC authentication, role-based access control with @RolesAllowed, input validation with Bean Validation, and SQL injection prevention using Panache's parameterized queries. Includes practical examples of custom auth filters, programmatic security checks, password hashing with Bcrypt, and secrets management via environment variables or Vault. The CORS configuration and custom validator samples are actually useful. Activate this when you're adding authentication to endpoints, implementing authorization logic, or hardening an existing Quarkus service. It's surprisingly thorough on the fundamentals without getting academic about threat modeling.
npx skills add https://github.com/affaan-m/everything-claude-code --skill quarkus-security