بنقرة واحدة
security-audit
Comprehensive security and PII audit for public repo. Must be run before every commit.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Comprehensive security and PII audit for public repo. Must be run before every commit.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | security-audit |
| description | Comprehensive security and PII audit for public repo. Must be run before every commit. |
| allowed-tools | Bash, Read, Grep, Glob |
Run a comprehensive security and PII scan across all tracked and staged files in this repository. This is a public repo — nothing sensitive should ever be committed.
Search all tracked files for:
/Users/, /home/)@ pattern in non-URL context)XXX-XX-XXXX and 9-digit variants)Search all tracked files for:
AWS_SECRET, AWS_ACCESS_KEY, aws_secret_access_key)GOOGLE_APPLICATION_CREDENTIALS, service account keys)AZURE_, client secrets)GH_TOKEN, GITHUB_TOKEN, ghp_, gho_)BEGIN.*PRIVATE KEY, BEGIN.*RSA, ssh-rsa, ssh-ed25519 key content)password\s*=, secret\s*=, token\s*=)Search all tracked files for:
127.0.0.1 and 0.0.0.0)Verify no sensitive file types are staged:
.env, .env.* files*.pem, *.key, *.p12, *.pfx filescredentials.json, service-account*.json*.tfstate, *.tfvars (Terraform state/variables with secrets)id_rsa, id_ed25519, id_dsa (SSH private keys)*.kube/config or kubeconfig filesFor each finding, report:
[LEVEL] file:line — description
Levels:
[BLOCK] — commit must not proceed (secrets, credentials, private keys)[WARN] — review required (PII, IPs, hostnames — may be intentional)[OK] — expected finding (127.0.0.1, public URLs, etc.)End with one of:
[WARN] findings, list them for review[BLOCK] findings detected, commit must not proceed until resolvedRun these scans using grep across all git-tracked files (git ls-files). Also check git diff --cached --name-only for any staged files not yet tracked.
$ARGUMENTS