Security Audit Standard
Methodology derived from production security audits.
Audit Process
Phase 1: Secret Scanning
Scan for hardcoded credentials in tracked source files.
Targets:
- API keys, tokens, passwords in source (not .env)
- Webhook URLs with tokens
- Database connection strings
- Private keys, certificates
- obfstr!() usage (Rust): the string is still in the binary, just obfuscated
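
One way to run this phase over git-tracked files, as an added example that is not part of the original skill. The regexes, rule names and the `scan_text` / `scan_repo` helpers are assumptions of this example; findings report only file, line and rule so the scan output does not itself leak the value.

```python
import re
import subprocess
from pathlib import Path

# Heuristic patterns (assumptions of this example), one per target in the list above.
RULES = {
    "credential-assignment": re.compile(
        r"""(?i)(api[_-]?key|token|secret|passw(?:or)?d)\w*\s*[:=]\s*["'][^"'\s]{8,}["']"""),
    "webhook-url-with-token": re.compile(
        r"""https://[^\s"']*webhooks?[^\s"']*/[A-Za-z0-9_-]{16,}"""),
    "db-connection-string": re.compile(
        r"""\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/@"']+:[^\s@"']+@"""),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "obfstr-usage": re.compile(r"\bobfstr!\s*\("),
}

def is_env_file(path):
    name = Path(path).name
    return name == ".env" or name.startswith(".env.")

def scan_text(path, text):
    """Return (path, line_no, rule) findings; the matched value is never echoed."""
    if is_env_file(path):  # the phase targets source files, not .env
        return []
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            if rule == "obfstr-usage" and not path.endswith(".rs"):
                continue  # obfstr!() is a Rust macro; ignore the text elsewhere
            if rx.search(line):
                findings.append((path, no, rule))
    return findings

def scan_repo(root="."):
    """Scan only the files git tracks under root."""
    out = subprocess.run(["git", "-C", root, "ls-files", "-z"],
                         capture_output=True, check=True).stdout
    findings = []
    for rel in filter(None, out.decode().split("\0")):
        try:
            text = Path(root, rel).read_text(encoding="utf-8", errors="ignore")
        except OSError:  # deleted in the working tree, submodule directory, etc.
            continue
        findings += scan_text(rel, text)
    return findings

if __name__ == "__main__":
    for path, no, rule in scan_repo():
        print(f"{path}:{no}: {rule}")
```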