ワンクリックで
security-review
Security scanning and vulnerability assessment — standardized code security review playbook
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Security scanning and vulnerability assessment — standardized code security review playbook
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Continuously improves the project by checking docs (web, Context7, opencode), using LSPs for code context, monitoring skills/plugins/scripts, and adapting best practices.
Continuity management — preserves context, maintains thermal maps, and serializes states across sessions
Read diffs carefully, identify risks, and produce review feedback that is specific and actionable.
Write accurate docs, keep references current, and capture verified behavior only.
Branching, rebasing, commit hygiene, and review-friendly history for agency delivery.
Use the language server for precise navigation, symbol lookup, refactoring, and diagnostics.
| name | security-review |
| description | Security scanning and vulnerability assessment — standardized code security review playbook |
| license | MIT |
| compatibility | opencode |
| metadata | {"audience":"developers","workflow":"security"} |
This skill provides a standardized, context-efficient playbook for the Build or Architect agents to perform code security reviews before pushing to the repository. It focuses on identifying vulnerabilities in Systems Code, Backend PHP Framework, and Modern JS Framework specific to the project's Phase constraints.
/security-review.git commit or merging a Phase branch.git MCP to identify all modified files in the current working tree.innerHTML) and improper state mutations.assets/report-template.md.assets/report-template.md to format your findings. This ensures consistent, machine-readable outputs that the Documentarian can log into the Knowledge Graph.Do not output raw code fixes in the initial report unless explicitly requested. Provide the vulnerability path and the conceptual fix. Wait for the user to authorize the Build agent to apply the fixes.