This is a production-ready XSS prevention system built around Zod schemas, giving you 11 pre-built validators for everything from emails to contact forms. It handles the tedious security work: sanitizing dangerous characters, validating formats, and giving you type-safe data you can actually trust. The architecture is smart about tradeoffs, removing angle brackets and ampersands while keeping apostrophes so users named O'Neal can still enter their names. Pair it with CSRF protection and rate limiting for API routes that won't get you fined £20 million. The validateRequest helper returns formatted errors automatically, so you're not writing the same validation boilerplate in every route.
npx skills add https://github.com/harperaa/secure-claude-skills --skill input-validation-xss-prevention
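The tradeoff described above (strip angle brackets and ampersands, keep apostrophes, return formatted errors) sketched in plain JavaScript without Zod. This is an added example, not the skill's own code; `sanitizeText`, `validateContactForm`, `encodeForHtml` and the field limits are hypothetical names and values chosen for illustration.

```javascript
// Added illustration; not the skill's source. All names and limits are hypothetical.

// Characters removed outright: markup delimiters and the entity introducer.
const STRIPPED = /[<>&]/g;

function sanitizeText(value) {
  // Apostrophes are kept on purpose so names like O'Neal survive.
  return String(value).replace(STRIPPED, "").trim();
}

// Rules for a constructed contact form: max length plus an optional format check.
const CONTACT_RULES = {
  name: { max: 100 },
  email: { max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  message: { max: 2000 },
};

// Returns { success: true, data } or { success: false, errors } keyed by field.
function validateContactForm(body) {
  const data = {};
  const errors = {};
  for (const [field, rule] of Object.entries(CONTACT_RULES)) {
    const raw = body == null ? undefined : body[field];
    if (typeof raw !== "string") {
      errors[field] = "must be a string";
      continue;
    }
    const clean = sanitizeText(raw);
    if (clean.length === 0) errors[field] = "is required";
    else if (clean.length > rule.max) errors[field] = `must be at most ${rule.max} characters`;
    else if (rule.pattern && !rule.pattern.test(clean)) errors[field] = "has an invalid format";
    else data[field] = clean;
  }
  return Object.keys(errors).length === 0
    ? { success: true, data }
    : { success: false, errors };
}

// Input sanitizing does not replace output encoding: the apostrophe that was
// kept must still be encoded when the value is written into HTML.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}
```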