| name | security-audit |
| description | Use this skill to perform a security audit, scan for vulnerabilities,
check OWASP Top 10 issues, or review code for security problems.
Triggered by "security audit", "check security", "find vulnerabilities".
|
| argument-hint | [path or component] |
| allowed-tools | Read, Grep, Glob, Bash |
| context | fork |
| agent | Explore |
Security Audit
Perform a comprehensive security review using OWASP Top 10 as a framework.
Scope
Target: $ARGUMENTS (or entire codebase if not specified)
Checklist
A01 — Broken Access Control
A02 — Cryptographic Failures
A03 — Injection
A04 — Insecure Design
A05 — Security Misconfiguration
A06 — Vulnerable Components
npm audit
A07 — Authentication Failures
A08 — Software Integrity Failures
A09 — Logging Failures
A10 — Server-Side Request Forgery (SSRF)
Output Format
## Security Audit Report
### Critical (fix immediately)
- [file:line] VULN_TYPE — description + remediation
### High (fix before next release)
- [file:line] VULN_TYPE — description + remediation
### Medium (fix in next sprint)
- [file:line] VULN_TYPE — description
### Low / Informational
- [finding] — recommendation
### Dependency Vulnerabilities
[npm audit / pip-audit output summary]
### Score: X/10 critical issues found
$ARGUMENTS