一键导入
security-audit
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Review and update third-party dependencies. Use this when asked to upgrade packages, survey new minor or major releases for useful features, assess whether a repository can adopt them, or validate whether a release looks suspicious before bumping it.
Create a new implementation plan in the repo's planning area.
Process automated PR review comments systematically. Use this for CodeRabbit, Gemini, GitHub Copilot, Devin, Greptile, and similar bots.
| name | security-audit |
| description | Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks. |
Run a security-focused code audit with a generic checklist first, then layer on repo-specific risks.
Start with repo context:
Check for hardcoded secrets:
Review authentication and authorization:
Review input handling:
Review file and storage access when relevant:
Review network and session behavior:
Review dependency risk:
bun audit
Use the repo's equivalent audit command if it does not use Bun. Also check GitHub security or Dependabot alerts when available.
Review AI-specific risks when applicable:
Layer in domain-specific risks:
Report findings by severity:
For each finding include: