一键导入
security-audit
Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Playbook for capturing design alignment from /grill-me, generating issue specifications, and managing task boards.
Playbook instructing agents how to dynamically formulate, design, bootstrap, and register new workspace skills when facing skill gaps.
Playbook for translating natural language requests about tasks, profiles, locking, and validation into CLI helper executions.
Playbook for writing safe database migrations, managing schema evolutions, executing reversible rollbacks, and avoiding table lock contention in enterprise environments.
Guidelines for CPU profiling, identifying database query bottlenecks (N+1 queries), diagnosing memory leaks, and optimizing resource execution speeds.
Guidelines for containerization (Dockerfile best practices), release versioning, blue-green deployment, feature flag rollouts, and post-deployment smoke verification.
| name | security-audit |
| description | Diagnostic playbook for scanning vulnerabilities, verifying secret exclusion, and executing OWASP Top 10 compliance audits. |
This playbook outlines steps for auditing code changes against security guidelines, secret exposure risks, and library vulnerabilities.
.env and other local credentials files are explicitly ignored in .gitignore..env.example) containing placeholders rather than values.bandit for Python, eslint-plugin-security for JavaScript/TypeScript, or CodeQL) to scan the codebase for structural vulnerabilities.npm audit or pnpm auditpip-audit or safety checkgovulncheck ./...To guarantee that the agent installation is secure and does not compromise target repositories:
requests==2.31.0 in requirements.txt or specific package lockfile hashes like package-lock.json or poetry.lock). Avoid dynamic range specifiers (like * or >=) to prevent dependency confusion attacks.eval()), or unverified binary blobs.