원클릭으로
review-plan-security
Codex-primary single-round security review of the implementation plan across three axes before implementation.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Codex-primary single-round security review of the implementation plan across three axes before implementation.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Conduct a decision-tree interview with the user to lock in requirements, motivation, scope, and non-goals before planning.
Stage 3 of three-stage planning pipeline. Produce a file-level implementation plan via detail-planner/detail-reviewer loop, then get user approval. Inputs are confirmed intent (<session-id>-intent.md) and outline (<session-id>-outline.md) from prior stages.
Edit source code for the current task. Delegates editing and lint/typecheck/self-repair to a subagent.
Plan and write test cases with high reasoning effort. Test iteration runs in a subagent to minimize confirmations.
Explore the codebase to understand existing patterns, constraints, and relevant files before planning.
Investigate git history, docs/history.md, and GitHub issue/PR timeline since the relevant issue opened, to surface changes that may invalidate the issue's premises.
| name | review-plan-security |
| description | Codex-primary single-round security review of the implementation plan across three axes before implementation. |
| model | opus |
| effort | medium |
| context | fork |
Review security implications of the implementation plan via Codex (single round, no re-loop).
RPS-1. Resolve <PLANS_DIR> via skills/_shared/resolve-plans-dir.md. Identify <PLANS_DIR>/<session-id>-detail.md. Initialize EXTENSIONS_USED=0.
RPS-2. Invoke "$AGENTS_CONFIG_DIR/skills/review-plan-security/scripts/run-codex-review-loop.sh" (Bash), exporting AGENTS_CONFIG_DIR, SESSION_ID, PLANS_DIR, EXTENSIONS_USED. Pass CTX_SURVEY_CODE, CTX_SURVEY_HISTORY, CTX_CONCERNS_LOG as env vars when available. Exit-code handling (SSOT: skills/_shared/codex-review-loop.md; exit 1 is TERMINAL):
<PLANS_DIR>/<session-id>-security-plan-codex-round-1-raw.md; present concerns with per-axis severity; propose mitigations; stop (no re-loop) → RPS-3.review-loop-summarize-concerns; present summary; stop → RPS-3.plan-security-reviewer subagent; use its verdict for RPS-4.The three security axes (Information Leakage / Third-Party Access / External Access) and their OWASP/CWE references live in the Codex prompt (bin/review-plan-codex) and the plan-security-reviewer fallback agent.
For code-level pattern scanning after implementation, use /review-code-security.