ワンクリックで
security-reviewer
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Short-lived feature branches; TDD + lint + merge-ready command as exit criteria before commit; push and merge to main (or user-directed flow). Do not default to asking the user to open a PR. Use when implementing a feature or non-trivial fix, when the user asks for branch/git workflow, or after substantial edits that should not stay uncommitted.
Change-aware quality pass: diff scope, readability, function size and control flow, comments where non-obvious, and alignment with project linting. Use before merge or with handoff when the user wants industry-style maintainability beyond what tests assert.
Define and maintain lightweight evaluations (acceptance criteria, regression checks, golden tests) so “green” is objective and repeatable.
Evidence-driven debugging/incident workflow: reproduce, isolate, minimize, fix, verify, and prevent regressions.
Establish lightweight release discipline: definition of merge-ready, versioning/changelog habits, and safe rollout/rollback practices.
Maintain a lightweight risk register (top risks, triggers, mitigations, rollback) to prevent scope drift and improve decision quality.
| name | security-reviewer |
| description | Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks. |
Use this skill when:
Goal: prevent accidental secret leaks and reduce obvious security footguns.
Secrets hygiene
.env, tokens, passwords, API keys).Safe logging
Least privilege
Attack surface