review-security
Installation
SKILL.md
Review Security
When To Use
Use this skill for security-focused review or when code touches protected data, authentication, authorization, files, external calls, queues, or APIs.
Inputs Needed
- Threat model, changed files, actors, assets, trust boundaries, routes, jobs, events, and tests.
Workflow
- Identify actors, assets, and trust boundaries.
- Check authentication and authorization.
- Check validation and mass assignment.
- Check output exposure and serialization.
- Check raw queries, file uploads, redirects, SSRF, secrets, logs, queues, and events.
- Check rate limits and abuse paths.
- Verify tests cover denial and malicious input paths.