一键导入
security-audit
Use this skill to perform a security-focused audit of the codebase to identify vulnerabilities, sandbox escapes, and logic flaws.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use this skill to perform a security-focused audit of the codebase to identify vulnerabilities, sandbox escapes, and logic flaws.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-audit |
| description | Use this skill to perform a security-focused audit of the codebase to identify vulnerabilities, sandbox escapes, and logic flaws. |
Perform a rigorous security assessment of the Epsilon WebAssembly engine. The objective is to identify exploitable vulnerabilities, verify sandbox isolation, and ensure safe host interactions. Do not focus just on local changes, look at the project as a whole.
Your goal is to find flaws that automated tools or basic reviews miss. Do not restrict yourself to a predefined checklist. Instead, employ a systematic, deep-dive methodology:
epsilon/vm.go), host interface boundaries (e.g.,
wasip1/), or memory indexing operations.Never report a bug without actively triggering it locally.
vulnerabilities/[id]/ (e.g., vulnerabilities/VULN-01/)..wasm file that reliably
triggers the flaw inside the specific vulnerability directory.go test -race.go test -fuzz).If a vulnerability is confirmed locally, document it in a README.md file
located within the corresponding vulnerabilities/[id]/ directory using this
exact format:
# [Concise Title of the Issue]
**Severity:** [Critical | High | Medium | Low] **Affected Component:** [File
path and function name] **Bug Type:** [e.g., Path Traversal, OOB Slice Panic,
State Leakage]
## Root Cause
[Strictly technical explanation of the code flaw. Cite specific lines. Explain
the gap between intended logic and actual behavior.]
## Execution Flow
[Step-by-step breakdown of how the PoC triggers the bug.]
## Observable Impact
[Exact result: e.g., "Go panic: index out of range", "Race condition detected".]
## Proposed Remediation
[Provide the specific Go code diff to patch the vulnerability.]
vulnerabilities/ directory.panic on untrusted WASM or invalid
WASI arguments. All bounds and inputs must be validated and returned as
standard Go errors.