bmad-security-review
SKILL.md
BMAD Security Review Skill
When to Invoke
Activate this skill whenever the user:
- Requests a security, privacy, or compliance review of a feature or system.
- Mentions threat modeling, secure design, risk assessment, or penetration testing.
- Asks for guidance on hardening infrastructure, APIs, data flows, or deployment pipelines.
- Needs a remediation backlog prior to launch or certification.
- Receives external audit findings that must be triaged and addressed.
Do not invoke when the user only needs implementation help with security stories—route those to bmad-development-execution once the remediation plan exists.
Mission
Protect the product by exposing security risks early, prioritizing fixes, and embedding mitigations into the delivery plan. Deliver artifacts that downstream skills and teams can execute without ambiguity.
Inputs Required