원클릭으로
authz-check
Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Review a diff against the goal spec assuming the code is BROKEN. The reviewer that lives in the maker's head always agrees with itself — this pulls review into a hostile, separate pass. Invoke after every code change before marking work done.
Find the exact commit that introduced a bug. Use when something worked before and broke, and you don't know which change did it.
Turn a set of commits or a diff into a clean, user-facing changelog entry. Use before a release or PR description.
Turn messy WIP into clean, atomic commits with messages that explain why. Use before opening a PR.
Keep the agent's context lean so accuracy doesn't collapse. Use on long sessions, big files, or when the agent starts hallucinating.
Make frontend output look intentional, not AI-generated. Use for any UI work — components, pages, layouts.
| name | authz-check |
| description | Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data. |
| when_to_use | new/changed endpoint, "get user X's data", a mutation, an admin action |
The most common security hole: the code checks you're logged IN, but not that you OWN the thing.
WHERE id = ? AND owner_id = current_user — not just WHERE id = ?.