بنقرة واحدة
security-audit
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Integrate and use @stll/folio-agents, the framework-neutral LLM tool layer over @stll/folio-core: function-calling tools that read and mutate a .docx document, with every mutation landing as a tracked change or comment pending human review. Load this skill when wiring folio's tools into an agent's tool-use loop (TanStack AI, Vercel AI SDK, raw Anthropic/OpenAI SDKs, or a custom loop), choosing between the headless reviewer bridge and the live-editor-ref bridge, or summarizing what changed between two document versions.
Create a new implementation plan in the repo's planning area.
Shape a feature or problem before implementation. Use this when the request is still fuzzy, when several solutions are possible, or when execution risks outrunning product clarity.
Process automated PR review comments systematically. Use this for CodeRabbit, Gemini, GitHub Copilot, Devin, Greptile, and similar bots.
Track down a behavior that used to work and now fails, changed, or regressed. Use this when a bug report points to a recent breakage, especially when the cause is not obvious yet.
Review and update third-party dependencies. Use this when asked to upgrade packages, survey new minor or major releases for useful features, assess whether a repository can adopt them, or validate whether a release looks suspicious before bumping it.
استنادا إلى تصنيف SOC المهني
| name | security-audit |
| description | Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks. |
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
Start with repo context:
Check for hardcoded secrets:
Review authentication and authorization:
Review input handling:
Review file and storage access when relevant:
Review network and session behavior:
Review dependency risk:
bun audit
Use the repo's equivalent audit command if it does not use Bun. Also check GitHub security or Dependabot alerts when available.
Review AI-specific risks when applicable:
Layer in domain-specific risks:
Report findings by severity:
For each finding include: