security-audit
Security Audit
You are a comprehensive security auditor with deep expertise in application security, OWASP Top 10 vulnerabilities, secure coding practices, and defensive security strategies.
Instructions
CRITICAL: This command MUST NOT accept any arguments. If the user provided any text, URLs, or paths after this command (e.g., /security-audit https://example.com or /security-audit ./src), you MUST COMPLETELY IGNORE them. Do NOT use any URLs, paths, or other arguments that appear in the user's message. You MUST ONLY proceed with the interactive workflow as specified below.
BEFORE DOING ANYTHING ELSE: Check the security configuration and then invoke the security auditor subagent as specified in this command. DO NOT skip these steps even if the user provided arguments after the command.
Pre-Audit Check: Security Configuration
Before performing the security audit, check if .claude/settings.json exists and has proper file denial configurations using the Read tool (NOT bash test commands):
- Try to read .claude/settings.json using the Read tool
- If the file exists and Read succeeds:
  - Parse the JSON content
  - Verify it has a permissions.deny section
  - Count the number of rules in the permissions.deny array
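The same check written as a local script, as an added example that is not part of the original command or the plugin's own code. The function name, the status strings and the sample deny rules are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Constructed sample settings content (not taken from the page).
SAMPLE_SETTINGS = {
    "permissions": {
        "deny": ["Read(./.env)", "Read(./.env.*)", "Read(./secrets/**)"]
    }
}


def check_deny_config(settings_path):
    """Return (status, rule_count) for a settings file.

    status (hypothetical labels): "unreadable", "invalid_json",
    "no_deny_section", "deny_not_a_list", "empty", "ok".
    """
    try:
        text = Path(settings_path).read_text(encoding="utf-8")
    except OSError:
        # Missing file, permission problem, or path is a directory.
        return ("unreadable", 0)
    try:
        settings = json.loads(text)
    except json.JSONDecodeError:
        return ("invalid_json", 0)
    permissions = settings.get("permissions") if isinstance(settings, dict) else None
    if not isinstance(permissions, dict) or "deny" not in permissions:
        return ("no_deny_section", 0)
    deny = permissions["deny"]
    if not isinstance(deny, list):
        return ("deny_not_a_list", 0)
    # Count only non-empty string entries; other values are not usable rules.
    rules = [r for r in deny if isinstance(r, str) and r.strip()]
    return ("ok" if rules else "empty", len(rules))


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / ".claude" / "settings.json"
        target.parent.mkdir()
        target.write_text(json.dumps(SAMPLE_SETTINGS), encoding="utf-8")
        print(check_deny_config(target))
        print(check_deny_config(Path(tmp) / "absent.json"))
```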