// Auto-triggered security checklist. Activates when editing API endpoint files, configuration files, Dockerfiles, or dependency manifests. Runs a structured security review automatically โ no slash command needed.
| name | security-review |
| description | Auto-triggered security checklist. Activates when editing API endpoint files, configuration files, Dockerfiles, or dependency manifests. Runs a structured security review automatically โ no slash command needed. |
| triggers | ["**/*router*.py","**/*endpoint*.py","**/*api*.py","**/*config*.py","**/Dockerfile*","**/*.env.example","**/requirements*.txt","**/pyproject.toml"] |
This skill runs automatically when the above file patterns are modified.
config.py.env.example uses placeholder values only (e.g., GROQ_API_KEY=your_key_here)USER appuser present)python:latest)ENV in Dockerfile (use runtime injection)pip audit to check for known CVEsFor each item that FAILS, report:
[SECURITY] path/to/file.py:line โ Description of issue
Fix: Specific remediation step
If all items PASS, report: "โ Security checklist passed โ no issues found."