security-risk
Combine security scanning and threat modeling for changes involving data handling, API interception, sync, storage, authentication, or encryption.
| Field | Value |
| --- | --- |
| name | security-risk |
| description | Combine security scanning and threat modeling for changes involving data handling, API interception, sync, storage, authentication, or encryption. |
| license | MIT |
| tags | ["security","privacy","threat-modeling"] |
| allowed-tools | ["bash","git","markdown"] |
| metadata | {"author":"laurenceputra","version":"1.1.0"} |
Identify security and privacy risks and propose mitigations.
For backend APIs called from browsers:

- Access-Control-Allow-Origin is echoed from a vetted allowlist (no wildcard for credentialed/sensitive flows).
- Vary: Origin when origin-based responses differ.

For encrypted sync payload systems:
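Worked example for the two CORS items in the browser-facing API checklist above. This is added illustration, not code from the security-risk skill or its author: an allowlist-based helper that produces the response headers, the reflection anti-pattern the review is meant to catch, and the static and dynamic checks a reviewer would run. The allowlist entries and the probe origin are constructed sample values.

```javascript
// Added example (not the skill's own code). Allowlist and probe origin are
// constructed sample values, not taken from any real deployment.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Compute CORS response headers for one request.
// Policy:
//  * Echo the request Origin only on an exact allowlist match (scheme, host,
//    port). No "*", no substring/regex matching, no unconditional reflection.
//  * On credentialed flows the browser rejects "*" together with
//    Allow-Credentials: true, so a wildcard either breaks the client or tempts
//    someone to "fix" it by reflecting Origin, which is the real bug.
//  * Always emit Vary: Origin, so a shared cache never serves the Allow-Origin
//    computed for one origin to a request from another.
function corsHeaders(requestOrigin, { allowlist = ALLOWED_ORIGINS, credentials = true } = {}) {
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin !== "string" || !allowlist.has(requestOrigin)) {
    return headers; // not allowed: omit Allow-Origin; the browser blocks the read
  }
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// The anti-pattern the review exists to catch: reflecting whatever Origin the
// request carried. Included only so the probe below has something to flag.
function reflectingCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Static check on one response's headers. Returns a list of findings
// (empty list means this check found nothing).
function reviewCorsHeaders(headers, { sensitive = true } = {}) {
  const findings = [];
  const acao = headers["Access-Control-Allow-Origin"];
  const creds = headers["Access-Control-Allow-Credentials"] === "true";
  // Vary may carry several tokens ("Origin, Accept-Encoding"); match case-insensitively.
  const varyTokens = String(headers["Vary"] || "")
    .split(",")
    .map((t) => t.trim().toLowerCase());
  if (acao === "*" && creds) {
    findings.push("wildcard Allow-Origin with Allow-Credentials: true");
  } else if (acao === "*" && sensitive) {
    findings.push("wildcard Allow-Origin on a sensitive flow");
  }
  if (acao && acao !== "*" && !varyTokens.includes("origin")) {
    findings.push("origin-specific Allow-Origin without Vary: Origin");
  }
  return findings;
}

// Dynamic check: does the handler echo an origin that is not on the allowlist?
// A single response from a reflecting handler looks identical to a correct one,
// so reflection can only be caught by probing with a foreign origin.
function probeOriginReflection(handler, probeOrigin = "https://attacker.example") {
  const h = handler(probeOrigin);
  return h["Access-Control-Allow-Origin"] === probeOrigin;
}
```

Both checks are cheap enough to run in CI against the real handler: `reviewCorsHeaders` on a captured response, and `probeOriginReflection` with an origin that is deliberately not in the allowlist.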