ワンクリックで
authz-check
Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Review a diff against the goal spec assuming the code is BROKEN. The reviewer that lives in the maker's head always agrees with itself — this pulls review into a hostile, separate pass. Invoke after every code change before marking work done.
Find the exact commit that introduced a bug. Use when something worked before and broke, and you don't know which change did it.
Turn a set of commits or a diff into a clean, user-facing changelog entry. Use before a release or PR description.
Turn messy WIP into clean, atomic commits with messages that explain why. Use before opening a PR.
Keep the agent's context lean so accuracy doesn't collapse. Use on long sessions, big files, or when the agent starts hallucinating.
Make frontend output look intentional, not AI-generated. Use for any UI work — components, pages, layouts.
| name | authz-check |
| description | Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data. |
| when_to_use | new/changed endpoint, "get user X's data", a mutation, an admin action |
The most common security hole: the code checks you're logged IN, but not that you OWN the thing.
WHERE id = ? AND owner_id = current_user — not just WHERE id = ?.