ワンクリックでManusで任意のスキルを実行

始める

security-audit

スター0

フォーク0

更新日2026年2月13日 03:58

Deep security audit of the codebase (Janet Moore's workflow)

インストール

Codex または Claude でインストールこの Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。

Manusで実行

ソース

g-zenr

g-zenr/relay-api

GitHub リポジトリを開く Creator のリポジトリを見る

ダウンロード

Manusで実行

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.

このリポジトリの他の Skills

同じリポジトリ

add-device

g-zenr/relay-api

Add a new implementation of the primary protocol/interface (Alex Rivera's workflow)

2026-02-130

add-endpoint

g-zenr/relay-api

Add a new API endpoint following all project standards

2026-02-130

add-feature

g-zenr/relay-api

Plan and implement a complete feature end-to-end across all layers

2026-02-130

audit

g-zenr/relay-api

Full codebase audit — dead code, layer violations, concurrency, observability, code quality

2026-02-130

ci-cd

g-zenr/relay-api

Set up or update GitHub Actions CI/CD pipeline (Marcus Chen's workflow)

2026-02-130

cleanup

g-zenr/relay-api

Remove dead code, unused imports, stale files, and fix code quality issues found by /audit

2026-02-130

name	security-audit
description	Deep security audit of the codebase (Janet Moore's workflow)

Perform a security audit following Janet Moore's standards.

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.