ワンクリックで
security-audit
Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | security-audit |
| description | Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits. |
This playbook outlines steps for auditing code changes against security guidelines, secret exposure risks, and library vulnerabilities.
.env and other local credentials files are explicitly ignored in .gitignore..env.example) containing placeholders rather than values.bandit for Python, eslint-plugin-security for JavaScript/TypeScript, or CodeQL) to scan the codebase for structural vulnerabilities.npm audit or pnpm auditpip-audit or safety checkgovulncheck ./...To guarantee that the agent installation is secure and does not compromise target repositories:
requests==2.31.0 in requirements.txt or specific package lockfile hashes like package-lock.json or poetry.lock). Avoid dynamic range specifiers (like * or >=) to prevent dependency confusion attacks.eval()), or unverified binary blobs.Playbook for capturing design alignment from /grill-me, generating issue specifications, and managing task boards.
Playbook instructing agents how to dynamically formulate, design, bootstrap, and register new workspace skills when facing skill gaps.
Playbook for translating natural language requests about tasks, profiles, locking, and validation into CLI helper executions.
Playbook for writing safe database migrations, managing schema evolutions, executing reversible rollbacks, and avoiding table lock contention in enterprise environments.
Guidelines for CPU profiling, identifying database query bottlenecks (N+1 queries), diagnosing memory leaks, and optimizing resource execution speeds.
Guidelines for containerization (Dockerfile best practices), release versioning, blue-green deployment, feature flag rollouts, and post-deployment smoke verification.