원클릭으로
security-scan
Review trust boundaries, auth, input handling, secrets, and dependency risk before release.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Review trust boundaries, auth, input handling, secrets, and dependency risk before release.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Create or update a branch-scoped Coolify review environment with one command, and delete it with one command. Use when a ticket must deploy a preview before human review, while keeping the workflow simple and fast.
Write workflow harness files that define role, status semantics, feedback loops, and durable delivery rules for disposable ticket workspaces.
Clarify ambiguous requests with a focused, Socratic interview before planning or implementation.
Review behavior, risk, performance, and test coverage before style nits.
Turn a clarified spec into milestone-oriented tickets, dependency edges, and stage-gated delivery lanes.
Platform operations for tickets, projects, and runtime coordination inside OpenASE.
| name | security-scan |
| description | Review trust boundaries, auth, input handling, secrets, and dependency risk before release. |
Conduct a security-focused review of the code or change set. Map trust boundaries first, then inspect how untrusted input, credentials, permissions, dependencies, and deployment defaults are handled.
Map the attack surface.
Review authentication and authorization.
Review input handling and injection surfaces.
Review secrets and cryptography.
Review dependency and configuration risk.
Review detection and recovery.
Report severity-rated findings with remediation guidance.
CRITICAL: exploitable issue or active secret exposure; block deployment.HIGH: serious vulnerability or major trust-boundary weakness; fix before release.MEDIUM: meaningful hardening gap or partial control failure.LOW: defense-in-depth improvement or cleanup.Return these sections:
Attack SurfaceFindings - ordered by severity with file and line references where possible.Exploit Path / Impact - why each important issue matters.Remediation - concrete fixes and safer patterns.Residual Risks - remaining uncertainty or unreviewed areas.