wp-plugin-security-audit
EmranAhmed/storepress-base-plugin
Perform a line-by-line security audit of a WordPress/WooCommerce plugin's source code and write findings to a ai-security-audit.md report with risk ratings. Use this skill whenever the user asks to audit, security-check, scan, or review plugin code for vulnerabilities, security issues, or weaknesses — especially when they mention the `includes` directory, a WooCommerce extension, SQLi/XSS/CSRF, nonce/capability/sanitization checks, or want a written security report. Trigger even if the user just says "check my plugin for security issues" without naming a specific vulnerability.