security-review
Security Review
Overview
Security is not a feature — it's a property of the entire system. Review security boundaries systematically, not ad-hoc.
When to Use
- Authentication, authorization, session management code
- Any user input that touches storage, commands, or rendering
- Secrets, credentials, API keys in code or config
- Before a security-sensitive feature ships
- After any change to auth flows or data access controls
OWASP Top 10 Checklist
Work through these for every security-relevant code change: