Nextjs Guideline: Security — Validate Server Action input. Description: Server Actions are public endpoints. Do: Validate and authorize in Server Action. Don't: Trust Server Action input. Good Example: Auth check + validation in action. Bad Example: Direct database call without check. Severity: High. Docs: .