一键导入
redteam-source-audit
Focused source-code security review workflow for web applications, CMS extensions, APIs, and supporting services.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Focused source-code security review workflow for web applications, CMS extensions, APIs, and supporting services.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Focused methodology for authorized CMS fingerprinting, component inventory, misconfiguration review, and vulnerability validation.
Focused workflow for validating exploitability safely and turning candidate issues into reproducible, bounded proof.
Focused reconnaissance workflow for authorized security assessments, bug bounty triage, lab targets, and CTF infrastructure.
Focused reporting workflow for converting verified red-team work into clear, reproducible assessment artifacts.
Expertise in offensive security research, vulnerability analysis, CMS-focused application testing, and red team operations.
| name | redteam-source-audit |
| description | Focused source-code security review workflow for web applications, CMS extensions, APIs, and supporting services. |
Focused source-code security review workflow for web applications, CMS extensions, APIs, and supporting services.
Activate when the user asks to:
SC-001, SC-002, etc.Return Markdown with:
Scope interpretedSource mapRisk-ranked review targetsCandidate findings
IDClaimEvidenceSource → sink tracePreconditionsImpactVerification stepsNegative controlConfidenceWhat could falsify thisNon-findings / dead endsCommands and files reviewedVerifier handoffReport notesA candidate must cite observable repository evidence: file path, symbol, route, config, package metadata, or command result. If the evidence is incomplete, label it as a hypothesis and state the missing proof.
.github/workflows/), GitLab CI, and Jenkinsfiles for script injection, vulnerable runners, or token exposure (e.g., pull_request_target).unserialize() (PHP), pickle.loads() (Python), or ObjectInputStream (Java). Identify gadget chains using ysoserial or phpggc.