security-audit
Security Audit Workflow
Systematic security assessment that surfaces CRITICAL/HIGH findings first and optionally covers MEDIUM findings in a later pass, so the lower-severity items do not distract from higher-impact work.
How To Start (Natural Language)
Tell me what you want audited and provide the smallest useful scope:
- A whole repo or directory (where the entry points are)
- A specific area/module (what it does, what inputs it accepts)
- A single file (how it is called, what data flows into it)
- A code snippet (what file/function it belongs to, what types/inputs it receives)
If the scope is small (single file/snippet), explicitly list assumptions and what context would change the risk rating.
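The scoping and prioritization steps above, as an added example that is not code from the aleister1102/skills project: a small Python script that records the assumptions behind a single-file review, re-rates each finding when deployment context becomes known, and splits the work into a first pass (CRITICAL/HIGH) and a deferred pass (MEDIUM and below). The findings, the severity ladder, and the context keys (`input_attacker_controlled`, `internet_exposed`) are constructed for illustration and are not from the page.

```python
"""Added example for the security-audit workflow: not code from the
aleister1102/skills project. Findings, severity ladder and context keys are
constructed for illustration."""
from dataclasses import dataclass, field

# Severity ladder, lowest to highest. Its order drives both the work queue
# and the "bump up / bump down" adjustments applied when context is known.
LEVELS = ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def shift(level: str, steps: int) -> str:
    """Move a severity up (positive) or down (negative), clamped to the ladder."""
    idx = LEVELS.index(level) + steps
    return LEVELS[max(0, min(len(LEVELS) - 1, idx))]


@dataclass
class Finding:
    ident: str
    title: str
    base: str  # rating under the assumptions stated for the small scope
    # context key -> (value that changes the rating, steps to shift by)
    context_rules: dict = field(default_factory=dict)

    def rate(self, context: dict) -> str:
        """Effective severity given known context; unknown keys keep the base rating."""
        level = self.base
        for key, (trigger, steps) in self.context_rules.items():
            if key in context and context[key] == trigger:
                level = shift(level, steps)
        return level

    def open_questions(self, context: dict) -> list:
        """Assumptions still unverified that would change this finding's rating."""
        return [f"{self.ident}: if {key} == {trigger!r}, rating shifts {steps:+d}"
                for key, (trigger, steps) in self.context_rules.items()
                if key not in context]


def triage(findings, context):
    """Split rated findings into the early pass (CRITICAL/HIGH) and the
    deferred pass (MEDIUM and below), each ordered highest severity first."""
    rated = sorted(((f.rate(context), f) for f in findings),
                   key=lambda pair: LEVELS.index(pair[0]), reverse=True)
    early = [(lvl, f) for lvl, f in rated if lvl in ("CRITICAL", "HIGH")]
    later = [(lvl, f) for lvl, f in rated if lvl not in ("CRITICAL", "HIGH")]
    return early, later


# Constructed findings for a hypothetical single-file review of a request handler.
SAMPLE_FINDINGS = [
    Finding("F1", "Path built from user-supplied filename", "HIGH",
            {"input_attacker_controlled": (False, -2),
             "internet_exposed": (True, +1)}),
    Finding("F2", "Verbose stack trace returned on error", "MEDIUM",
            {"internet_exposed": (True, +1)}),
    Finding("F3", "Deprecated hash used for a cache key (no security impact)", "LOW"),
]


def run(context):
    """Rate and split the sample findings; also list the unresolved assumptions."""
    early, later = triage(SAMPLE_FINDINGS, context)
    questions = [q for f in SAMPLE_FINDINGS for q in f.open_questions(context)]
    return early, later, questions


if __name__ == "__main__":
    # Scope: one file, reviewed knowing only that its input is attacker-controlled.
    early, later, questions = run({"input_attacker_controlled": True})
    print("Pass 1 (CRITICAL/HIGH):")
    for lvl, f in early:
        print(f"  [{lvl}] {f.ident} {f.title}")
    print("Pass 2 (deferred):")
    for lvl, f in later:
        print(f"  [{lvl}] {f.ident} {f.title}")
    print("Assumptions that would change the ratings:")
    for q in questions:
        print("  " + q)
```

The open-questions list is the part worth keeping in a real report: for a single file or snippet it names exactly which facts about callers and deployment would move a finding between passes, which is what the scoping note above asks for.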
Core Principles