security-audit
// Perform a security audit of the codebase. Checks for OWASP Top 10, AI-specific vulnerabilities, dependency issues, and configuration problems.
| Field | Value |
| --- | --- |
| name | security-audit |
| description | Perform a security audit of the codebase. Checks for OWASP Top 10, AI-specific vulnerabilities, dependency issues, and configuration problems. |
| argument-hint | [scope: 'full', 'dependencies', 'ai-agents', or specific file paths] |
| context | fork |
| agent | security |
| allowed-tools | Bash(pnpm audit*), Bash(grep *), Bash(git *) |
Perform a security audit with the following scope:
$ARGUMENTS
pnpm audit
Review all known vulnerabilities in dependencies.
Scan for common vulnerability patterns:
Review the secure_agent pattern and verify:
Produce a security report with findings classified by severity:
Each finding includes: location, vulnerability, impact, and remediation steps.