secure-code-review
Secure Code Review Skill
Purpose
Establish security-focused code review practices across all Hack23 projects, ensuring security vulnerabilities, insecure patterns, and compliance violations are identified and remediated before code reaches production.
Rules
Review Requirements
MUST:
- Review all code changes for security implications before merging
- Use automated security scanning (CodeQL, Dependabot) as first line of defense
- Check for OWASP Top 10 vulnerabilities in every review
- Verify proper input validation and output encoding
- Confirm no secrets, credentials, or keys in code or configuration
- Validate proper error handling (no information leakage)
- Check authorization controls on new endpoints or resources
- Verify proper use of cryptographic functions