This is a proper hardening workflow for Flows apps that actually fixes vulnerabilities instead of just listing them. It walks through six steps in order: mapping attack surfaces, migrating raw CDF calls to the official SDK, eliminating hardcoded secrets, sanitizing dangerous DOM APIs with DOMPurify, checking auth guards and OIDC setup, and validating external input with Zod. The grep commands are specific and the fix instructions are concrete, like wrapping dangerouslySetInnerHTML with DOMPurify.sanitize() or replacing eval() with JSON.parse(). Run this before shipping anything that touches credentials, user input, or external data. It assumes a React/Vite/TypeScript stack and catches the most common ways developers accidentally introduce XSS or injection holes.
npx skills add https://github.com/cognitedata/builder-skills --skill security