security-audit
// Use when reviewing code for security vulnerabilities. Covers prompt injection, path traversal, command injection, and agent-specific attack vectors.
| field | value |
|---|---|
| name | security-audit |
| description | Use when reviewing code for security vulnerabilities. Covers prompt injection, path traversal, command injection, and agent-specific attack vectors. |
| version | 1.0.0 |
| author | Aixlarity |
| license | Apache-2.0 |
| metadata | {"aixlarity":{"tags":["security","audit","review","safety"],"related_skills":["code-review","systematic-debugging"]}} |
AI coding agents face unique security threats beyond traditional application security:
memory_tool.rs includes pattern scanning for this. read_file("../../etc/passwd") is the canonical path-traversal case; Aixlarity's trust system restricts this.

For every code change, check:
Key security boundaries:

- trust.rs — Three-level trust model
- agent/permissions.rs — Permission prompt logic
- tools/memory_tool.rs — Memory safety scanning
- tools/container.rs — Container sandbox