Security-focused code review mapped to OWASP Top 10 and ASVS. Use when reviewing pull requests, auditing files or modules for vulnerabilities, or performing pre-merge security gate checks. Covers injection, auth, authorization, cryptography, data exposure, misconfiguration, and deserialization.
Installation
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Security-focused code review mapped to OWASP Top 10 and ASVS. Use when reviewing pull requests, auditing files or modules for vulnerabilities, or performing pre-merge security gate checks. Covers injection, auth, authorization, cryptography, data exposure, misconfiguration, and deserialization.
license
CC-BY-4.0
Security Code Review
Review code for security vulnerabilities by following the full procedure in plays/code-review-security.md.
Steps
Scope & Context — Establish language/framework, trust boundary (server/client/library/CLI), data sensitivity (PII, credentials, financial), and exposure (internet-facing, internal, local).
Systematic Review by Vulnerability Class (priority order):
Diff-Specific Analysis (for PRs) — Focus on changed lines plus context, verify security controls preserved, check new endpoints match auth patterns, look for removed security controls.
Produce Findings — Cite file:line, show vulnerable snippet, explain attack scenario, provide fixed code, rate confidence.
Output
Scope summary, findings sorted by severity using templates/finding.md, positive observations (good security controls in place), and severity count table.