| name | security-audit |
| description | On-demand security audit checklist based on OWASP Top 10. Use when: pre-push security review, auditing new features for vulnerabilities, checking authentication/authorization flows, reviewing API security, validating input sanitization. |
Security Audit Skill
When to Use
- Before any git push (mandatory)
- After implementing authentication or authorization features
- When adding new API endpoints
- When handling user input or file uploads
- When adding new dependencies
- When the Manager flags a security review
Audit Process
Phase 1: Static Analysis
A1. Broken Access Control
A2. Cryptographic Failures
A3. Injection
A4. Insecure Design
A5. Security Misconfiguration
A6. Vulnerable Components
A7. Authentication Failures
A8. Data Integrity Failures
A9. Logging & Monitoring
A10. SSRF
Phase 2: Dynamic Checks
Report Template
# Security Audit Report
**Date**: [Date]
**Scope**: [What was audited]
## Verdict: PASS / FAIL / CONDITIONAL PASS
## Critical (Block Push)
| # | Category | Location | Finding | Impact |
|---|----------|----------|---------|--------|
## High (Fix Before Next Push)
| # | Category | Location | Finding | Impact |
|---|----------|----------|---------|--------|
## Passed Checks
- [x] [List all checks that passed]