security-review
Installation
SKILL.md
Security Review
Review Checklist
Authentication
- Strong password requirements enforced
- MFA implemented for sensitive operations
- Session tokens are cryptographically secure
- Session timeout is appropriate
- Logout properly invalidates session
Authorization
- Access controls checked server-side
- Least privilege principle applied
- Role-based access properly implemented
- Direct object references validated