code-audit
Code Audit Skill — OWASP Top 10:2025
This skill performs a structured security and code-quality audit that maps findings to the OWASP Top 10:2025 categories. It produces a Markdown report in which every finding is classified by severity and paired with actionable remediation guidance.
Supported Project Types
- React (CRA, Vite, custom setups)
- Next.js (App Router, Pages Router)
- NestJS (REST APIs, GraphQL APIs, microservices)
- Monorepos containing any combination of the above
Workflow
Follow these steps in order. Do not skip steps. Read the relevant reference files before scanning.
Step 1: Discover Project Structure
Run these commands to understand the project: