iblai-vibe-security-owasp-audit
Installation
SKILL.md
/iblai-vibe-security-owasp-audit
Run a systematic source-code audit against the OWASP Top 10 (2021). Ship concrete findings with file/line references and remediation.
Do NOT write exploits. Every finding ships with a fix.
Step 0: Scope the Audit
- Identify language, framework, and architecture.
- Map entry points — routes, API handlers, form processors.
- Trace data flows — user input -> processing -> storage -> output.
- Locate authentication and authorization boundaries.
Multi-tenant B2B SaaS (the typical ibl.ai shape) makes A01 and permission-bypass paths the highest-leverage targets — sweep those first.
Audit Checklist
Walk each category. Grep for known sinks, then read flagged files to confirm.