# security-audit

Use when conducting security assessments, CVSS scoring, or auditing PHP/TYPO3 projects against OWASP Top 10 and CWE Top 25.
| Field | Value |
|---|---|
| name | security-audit |
| description | Use when conducting security assessments, CVSS scoring, or auditing PHP/TYPO3 projects against OWASP Top 10 and CWE Top 25. |
Security audit patterns (OWASP Top 10, CWE Top 25 2025, CVSS v4.0) and GitHub project security checks for any project. Deep automated PHP/TYPO3 code scanning with 80+ checkpoints and 19 reference guides.
Reference guides, all located in references/:

- owasp-top10.md, cwe-top25.md, xxe-prevention.md, cvss-scoring.md, api-key-encryption.md
- deserialization-prevention.md, path-traversal-prevention.md, file-upload-security.md, input-validation.md
- authentication-patterns.md, security-headers.md, security-logging.md, cryptography-guide.md
- framework-security.md (TYPO3, Symfony, Laravel)
- modern-attacks.md, cve-patterns.md, php-security-features.md
- ci-security-pipeline.md, supply-chain-security.md, automated-scanning.md
XML parsing (prevent XXE):

```php
// LIBXML_NONET blocks network access during parsing; LIBXML_NOENT is deliberately
// not passed, so entity references are never substituted.
$doc->loadXML($input, LIBXML_NONET);
```
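A fuller version of that check, as an added example that is not code from the skill itself: it assumes PHP 8 with ext-dom, and the helper name `parseUntrustedXml` is hypothetical. It blocks external entity loading at three layers (custom entity loader, `LIBXML_NONET`, and outright refusal of any DOCTYPE, which is where entities get declared) and rejects a constructed DOCTYPE-bearing document.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper, not part of the security-audit skill).
// Parses untrusted XML with external entity resolution blocked at three layers.
function parseUntrustedXml(string $input): DOMDocument
{
    // Layer 1: any attempt to resolve an external entity returns null, which fails the load.
    libxml_set_external_entity_loader(static fn ($publicId, $systemId, $context) => null);
    $previousErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // Layer 2: LIBXML_NONET forbids network access while parsing. LIBXML_NOENT is
        // deliberately NOT passed, so entity references are never substituted.
        if (!$doc->loadXML($input, LIBXML_NONET)) {
            $messages = array_map(static fn (LibXMLError $e) => trim($e->message), libxml_get_errors());
            throw new InvalidArgumentException('Malformed XML: ' . implode('; ', $messages));
        }
        // Layer 3: a DOCTYPE is where entities are declared; untrusted input has no reason to carry one.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('XML with a DOCTYPE declaration is rejected');
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        libxml_set_external_entity_loader(null);
    }
}

// Constructed sample input: a harmless document, then a DOCTYPE-bearing one that is refused.
$safe = parseUntrustedXml('<order><id>42</id></order>');
echo $safe->getElementsByTagName('id')->item(0)->textContent, PHP_EOL;

try {
    parseUntrustedXml('<!DOCTYPE x [<!ENTITY e "expanded">]><x>&e;</x>');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Refusing the DOCTYPE outright is the simplest rule to audit for: a grep for `doctype` in the parsing layer tells a reviewer whether the check exists, whereas reasoning about which libxml flag combination is safe on which libxml2 version does not.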
SQL (prevent injection):

```php
// Untrusted values travel as bound parameters, never concatenated into the statement text.
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
```
Output (prevent XSS):

```php
// Encode for an HTML text/attribute context; ENT_QUOTES covers both quote styles.
echo htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');
```
API keys (encrypt at rest):

```php
// $key is a 32-byte secret loaded from the environment or a secret store, never from source.
// A fresh random nonce per encryption is stored in front of the ciphertext.
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$encrypted = 'enc:' . base64_encode($nonce . sodium_crypto_secretbox($apiKey, $nonce, $key));
```
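The snippet above shows only the encrypt side. The following is an added example, not code from the skill, that round-trips the same `enc:` storage format: it assumes PHP 8 with ext-sodium, and the helper names `encryptApiKey` / `decryptApiKey` are hypothetical. It validates key length, detects values that never got encrypted, and shows the authenticated decryption failing when a single ciphertext byte is altered.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helpers, not part of the security-audit skill).
const ENC_PREFIX = 'enc:';

function encryptApiKey(string $apiKey, string $key): string
{
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key must be exactly ' . SODIUM_CRYPTO_SECRETBOX_KEYBYTES . ' bytes');
    }
    // Fresh random nonce per encryption; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = sodium_crypto_secretbox($apiKey, $nonce, $key);
    return ENC_PREFIX . base64_encode($nonce . $ciphertext);
}

function decryptApiKey(string $stored, string $key): string
{
    if (!str_starts_with($stored, ENC_PREFIX)) {
        // A value without the prefix is a plaintext leftover from before encryption at rest.
        throw new InvalidArgumentException('Value is not in the enc: format');
    }
    $raw = base64_decode(substr($stored, strlen(ENC_PREFIX)), true);
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLength) {
        throw new InvalidArgumentException('Stored value is truncated or not valid base64');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox is authenticated: any change to nonce or ciphertext makes this return false.
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('Decryption failed: wrong key or tampered ciphertext');
    }
    return $plaintext;
}

// Constructed demo. In production the key comes from the environment or a secret store.
$key = sodium_crypto_secretbox_keygen();
$stored = encryptApiKey('sk_constructed_sample_value', $key);
echo $stored, PHP_EOL;
echo decryptApiKey($stored, $key), PHP_EOL;

// Flip one bit of the last ciphertext byte and observe the authentication failure.
$raw = base64_decode(substr($stored, strlen(ENC_PREFIX)), true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
try {
    decryptApiKey(ENC_PREFIX . base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'tamper detected: ', $e->getMessage(), PHP_EOL;
}
sodium_memzero($key);
```

The `enc:` prefix doubles as a migration marker: an audit query for stored credentials lacking the prefix finds every record that still holds the key in plaintext.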
Password hashing:

```php
// Argon2id with PHP's default cost parameters; verify later with password_verify().
$hash = password_hash($password, PASSWORD_ARGON2ID);
```
For automated scanning tools (semgrep, trivy, gitleaks), see references/automated-scanning.md.
Verification checklist:

- `semgrep --config auto` passes with no high-severity findings
- `trivy fs --severity HIGH,CRITICAL` reports no unpatched CVEs
- `gitleaks detect` finds no leaked secrets

Scripts:

```bash
# PHP project security audit
./scripts/security-audit.sh /path/to/project

# GitHub repository security audit
./scripts/github-security-audit.sh owner/repo
```
Contributing: https://github.com/netresearch/security-audit-skill