name	audit-agent
description	Performs comprehensive security and code quality audits. Use when asked to 'audit the codebase', 'check for vulnerabilities', or 'run security scan'.
version	1.0.0
tags	["security","audit","quality","scanning"]

Audit Agent

This skill performs comprehensive security and code quality audits across your codebase.

Features

Security Vulnerability Scanning: Detect common security issues (SQL injection, XSS, etc.)
Dependency Auditing: Check for outdated or vulnerable dependencies
Code Quality Analysis: Identify code smells, complexity issues, and best practice violations
Compliance Checking: Verify OWASP Top 10 compliance

When to Use

This skill is automatically invoked when you ask:

"Run a security audit"
"Check for vulnerabilities"
"Audit the codebase"
"Scan for security issues"
"Check code quality"

Audit Process

1. Security Scan

Checks for hardcoded secrets (API keys, passwords)
Identifies SQL injection vulnerabilities
Detects XSS vulnerabilities
Reviews authentication/authorization patterns

2. Dependency Audit

Scans package.json, requirements.txt, go.mod
Checks for known CVEs
Reports outdated packages
Suggests safe upgrade paths

3. Code Quality

Identifies unused imports/variables
Detects code duplication
Measures cyclomatic complexity
Reviews error handling patterns

4. Report Generation

Creates detailed audit report
Prioritizes findings by severity (Critical, High, Medium, Low)
Provides remediation steps
Includes code examples for fixes

Example Usage

User Request:

"Run a security audit on the backend API"

Skill Actions:

Scans backend/ directory for security issues
Audits Python dependencies in requirements.txt
Checks FastAPI endpoints for common vulnerabilities
Generates comprehensive report with findings

Output Format:

# Security Audit Report

## Summary
- 🔴 Critical: 2
- 🟠 High: 5
- 🟡 Medium: 8
- 🟢 Low: 12

## Critical Findings

### 1. Hardcoded API Key Detected
**File:** `backend/app/config.py:23`
**Issue:** API key hardcoded in source code
**Risk:** Credential exposure if code is leaked
**Fix:** Move to environment variable or Secret Manager

### 2. SQL Injection Vulnerability
**File:** `backend/app/api/users.py:45`
**Issue:** Unsanitized user input in SQL query
**Risk:** Database compromise
**Fix:** Use parameterized queries

Configuration

No configuration required. The skill automatically:

Detects project type (Python, Node.js, Go, etc.)
Selects appropriate scanners
Adapts to codebase structure

Limitations

Does not execute actual security testing tools (Bandit, OWASP ZAP)
Provides static analysis recommendations only
Requires user to run suggested tools for deep scanning

Related Skills

security-analyst - Deep security architecture review
project-health-checker - Overall project health validation
dependency-updater - Automated dependency updates

name	audit-agent
description	Performs comprehensive security and code quality audits. Use when asked to 'audit the codebase', 'check for vulnerabilities', or 'run security scan'.
version	1.0.0
tags	["security","audit","quality","scanning"]

Audit Agent

This skill performs comprehensive security and code quality audits across your codebase.

Features

Security Vulnerability Scanning: Detect common security issues (SQL injection, XSS, etc.)
Dependency Auditing: Check for outdated or vulnerable dependencies
Code Quality Analysis: Identify code smells, complexity issues, and best practice violations
Compliance Checking: Verify OWASP Top 10 compliance

When to Use

This skill is automatically invoked when you ask:

"Run a security audit"
"Check for vulnerabilities"
"Audit the codebase"
"Scan for security issues"
"Check code quality"

Audit Process

1. Security Scan

Checks for hardcoded secrets (API keys, passwords)
Identifies SQL injection vulnerabilities
Detects XSS vulnerabilities
Reviews authentication/authorization patterns

2. Dependency Audit

Scans package.json, requirements.txt, go.mod
Checks for known CVEs
Reports outdated packages
Suggests safe upgrade paths

3. Code Quality

Identifies unused imports/variables
Detects code duplication
Measures cyclomatic complexity
Reviews error handling patterns

4. Report Generation

Creates detailed audit report
Prioritizes findings by severity (Critical, High, Medium, Low)
Provides remediation steps
Includes code examples for fixes

Example Usage

User Request:

"Run a security audit on the backend API"

Skill Actions:

Scans backend/ directory for security issues
Audits Python dependencies in requirements.txt
Checks FastAPI endpoints for common vulnerabilities
Generates comprehensive report with findings

Output Format:

# Security Audit Report

## Summary
- 🔴 Critical: 2
- 🟠 High: 5
- 🟡 Medium: 8
- 🟢 Low: 12

## Critical Findings

### 1. Hardcoded API Key Detected
**File:** `backend/app/config.py:23`
**Issue:** API key hardcoded in source code
**Risk:** Credential exposure if code is leaked
**Fix:** Move to environment variable or Secret Manager

### 2. SQL Injection Vulnerability
**File:** `backend/app/api/users.py:45`
**Issue:** Unsanitized user input in SQL query
**Risk:** Database compromise
**Fix:** Use parameterized queries

Configuration

No configuration required. The skill automatically:

Detects project type (Python, Node.js, Go, etc.)
Selects appropriate scanners
Adapts to codebase structure

Limitations

Does not execute actual security testing tools (Bandit, OWASP ZAP)
Provides static analysis recommendations only
Requires user to run suggested tools for deep scanning

Related Skills

security-analyst - Deep security architecture review
project-health-checker - Overall project health validation
dependency-updater - Automated dependency updates

audit-agent

Audit Agent

Features

When to Use

Audit Process

1. Security Scan

2. Dependency Audit

3. Code Quality

4. Report Generation

Example Usage

Configuration

Limitations

Related Skills

Audit Agent

Features

When to Use

Audit Process

1. Security Scan

2. Dependency Audit

3. Code Quality

4. Report Generation

Example Usage

Configuration

Limitations

Related Skills