security-audit


Security Audit Skill

Security audit patterns (OWASP Top 10, LLM Top 10 2025, CWE Top 25 2025, CVSS v4.0), cloud/IaC checks, GitHub security. 80+ PHP/TYPO3 checkpoints (v14.3 LTS in typo3-security.md).

Expertise Areas

  • Vulnerabilities: XXE, SQLi, XSS, CSRF, command injection, path traversal, file upload, deserialization, SSRF, SSTI, JWT, type juggling
  • Standards: OWASP Top 10 / API / LLM (2025), CWE Top 25, CVSS v3.1/v4.0, OWASP ASVS
  • Cloud & IaC: AWS, Azure, GCP; Terraform, Kubernetes, Docker, Helm
  • API & Frontend: REST/GraphQL authZ, rate limits, mass assignment, CSP, DOM-XSS
  • AI Agents: SKILL.md/AGENTS.md/CLAUDE.md/mcp.json/hooks.json audit; prompt injection; excessive agency

Reference Files (in references/, .md implied)

  • Core: owasp-top10, cwe-top25, xxe-prevention, cvss-scoring, api-key-encryption
  • Prevention: deserialization-prevention, path-traversal-prevention, file-upload-security, input-validation, error-message-sanitization
  • Architecture: authentication-patterns, security-headers, security-logging, cryptography-guide
  • Language features (*-security-features): php, python, javascript-typescript, nodejs, java, csharp, go, rust, ruby
  • Frameworks (*-security): typo3, typo3-fluid, typo3-typoscript, symfony, laravel, django, flask, fastapi, spring, dotnet, blazor, rails, gin, react, vue, angular, nextjs, nuxt, express, nestjs

Installs: 61
GitHub Stars: 29
First Seen: Jan 24, 2026