with one click
security
Security audit workflow - vulnerability scan → verification
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Security audit workflow - vulnerability scan → verification
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | security |
| description | Security audit workflow - vulnerability scan → verification |
Dedicated security analysis for sensitive code.
┌─────────┐ ┌───────────┐
│ aegis │───▶│ arbiter │
│ │ │ │
└─────────┘ └───────────┘
Security Verify
audit fixes
| # | Agent | Role | Output |
|---|---|---|---|
| 1 | aegis | Comprehensive security scan | Vulnerability report |
| 2 | arbiter | Verify fixes, run security tests | Verification report |
The /review workflow focuses on code quality. Security needs:
Task(
subagent_type="aegis",
prompt="""
Security audit: [SCOPE]
Scan for:
**Injection Attacks:**
- SQL injection
- Command injection
- XSS (Cross-Site Scripting)
- LDAP injection
**Authentication/Authorization:**
- Broken authentication
- Session management issues
- Privilege escalation
- Insecure direct object references
**Data Protection:**
- Sensitive data exposure
- Hardcoded secrets/credentials
- Insecure cryptography
- Missing encryption
**Configuration:**
- Security misconfigurations
- Default credentials
- Verbose error messages
- Missing security headers
**Dependencies:**
- Known vulnerable packages
- Outdated dependencies
- Supply chain risks
Output: Detailed report with:
- Severity (CRITICAL/HIGH/MEDIUM/LOW)
- Location (file:line)
- Description
- Remediation steps
"""
)
Task(
subagent_type="arbiter",
prompt="""
Verify security fixes: [SCOPE]
Run:
- Security-focused tests
- Dependency audit (npm audit, pip audit)
- Re-check reported vulnerabilities
- Verify fixes don't introduce regressions
Output: Verification report
"""
)
User: /security
→ Scan entire codebase
User: /security authentication
→ Focus on auth-related code
User: /security src/api/auth.py
→ Deep dive on one file
User: /security --deps
→ Only dependency vulnerabilities
User: /security the payment processing code
Claude: Starting /security audit for payment code...
Phase 1: Security audit...
[Spawns aegis]
┌─────────────────────────────────────────────────────────────┐
│ Security Audit Report │
├─────────────────────────────────────────────────────────────┤
│ Scope: src/services/payment/ │
│ Files scanned: 12 │
│ Lines analyzed: 2,847 │
├─────────────────────────────────────────────────────────────┤
│ CRITICAL (1) │
│ ────────── │
│ [C1] SQL Injection in payment.py:89 │
│ query = f"SELECT * FROM orders WHERE id = {order_id}" │
│ Fix: Use parameterized queries │
│ │
│ HIGH (2) │
│ ──────── │
│ [H1] Hardcoded API key in stripe_client.py:12 │
│ STRIPE_KEY = "sk_live_..." │
│ Fix: Move to environment variable │
│ │
│ [H2] Missing input validation in refund.py:45 │
│ amount = request.json['amount'] # No validation │
│ Fix: Validate amount is positive number │
│ │
│ MEDIUM (1) │
│ ────────── │
│ [M1] Verbose error messages in error_handler.py:23 │
│ return {"error": str(e)} # Leaks internal details │
│ Fix: Return generic message, log details internally │
│ │
│ LOW (0) │
│ ─────── │
│ None │
├─────────────────────────────────────────────────────────────┤
│ Summary: 1 critical, 2 high, 1 medium, 0 low │
│ Status: BLOCKING - Fix critical issues before release │
└─────────────────────────────────────────────────────────────┘
Fix the critical and high issues, then run:
/security --verify
User: /security --verify
Claude: Phase 2: Verifying fixes...
[Spawns arbiter]
✅ C1: SQL injection fixed - using parameterized queries
✅ H1: API key moved to environment variable
✅ H2: Input validation added
✅ M1: Error messages sanitized
All security tests passing.
Security audit: PASSED
| Risk | Checked |
|---|---|
| A01 Broken Access Control | ✅ |
| A02 Cryptographic Failures | ✅ |
| A03 Injection | ✅ |
| A04 Insecure Design | ✅ |
| A05 Security Misconfiguration | ✅ |
| A06 Vulnerable Components | ✅ |
| A07 Auth Failures | ✅ |
| A08 Data Integrity Failures | ✅ |
| A09 Logging Failures | ✅ |
| A10 SSRF | ✅ |
--deps: Dependencies only--verify: Re-run after fixes--owasp: Explicit OWASP Top 10 report--secrets: Focus on secret detectionCreate git commits with user approval and no Claude attribution
Create or update continuity ledger for state preservation across clears
Create handoff document for transferring work to another session
Debug issues by investigating logs, database state, and git history
Generate comprehensive PR descriptions following repository templates
Deep interview process to transform vague ideas into detailed specs. Works for technical and non-technical users.