infra-security-review
Installation
SKILL.md
Infrastructure Security Review Patterns
Security checklists and grep patterns for reviewing IaC code. Use these patterns when verifying infrastructure security.
Security Checklists
State Backend Security
| Check | Severity | Pattern |
|---|---|---|
| S3 bucket without encryption | Critical | encrypt = false or missing |
| Missing state locking | High | No DynamoDB table configured |
| Public bucket policy | Critical | block_public_* not all true |
| Missing versioning | Medium | versioning not enabled |