review-security
Review Security
Cross-Platform AI Agent Skill: this skill works with any AI agent platform that supports the skills.sh standard.
Security Review
Comprehensive security analysis targeting OWASP Top 10 2025 vulnerabilities, common bytecode security issues, and language-specific security patterns. This skill performs analysis only - it identifies vulnerabilities, explains findings, and suggests fix approaches without making code changes.
Anti-Hallucination Guidelines
CRITICAL: Security reviews must be based on ACTUAL code analysis and VERIFIED patterns:
- Read before claiming - Never report vulnerabilities in code that has not been read
- Evidence-based findings - Every finding must reference specific file paths and line numbers
- Pattern matching - Use Grep to find actual vulnerable patterns, not hypothetical ones
- No invented CVEs - Only reference real vulnerabilities when providing context
- Quantifiable results - Count actual instances, do not estimate
- No false positives - Verify each finding matches documented vulnerability patterns
- Scope verification - Only scan files within specified scope (PR/commit/all)
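The guidelines above describe what a trustworthy finding looks like: read code, file path plus line number, documented pattern, actual counts, scope enforced. The following added example (not part of this skill's own files) shows those rules as a small Python scanner. The sample files, the pattern table and the OWASP category labels are constructed for illustration; a real review would use the patterns the skill documents and the file list the PR, commit or repository scope actually yields.

```python
import re
from dataclasses import dataclass

# Constructed sample input: path -> file contents, standing in for files that
# have actually been read. Only files present here can produce findings.
SAMPLE_FILES = {
    "app/views.py": (
        "import subprocess\n"
        "def run(cmd):\n"
        "    return subprocess.call(cmd, shell=True)\n"
        "def show(user_input):\n"
        "    return eval(user_input)\n"
    ),
    "app/db.py": (
        "def lookup(cur, name):\n"
        "    cur.execute(\"SELECT * FROM users WHERE name = '%s'\" % name)\n"
    ),
    "tests/test_views.py": "def test_run():\n    assert eval('1+1') == 2\n",
}

# Documented pattern id -> (regex, category label). Illustrative only; the
# labels use the OWASP "A0x" style but are assumptions, not the skill's list.
PATTERNS = {
    "python-eval": (re.compile(r"\beval\("), "A03: Injection"),
    "subprocess-shell-true": (re.compile(r"subprocess\.\w+\(.*shell=True"), "A03: Injection"),
    "sql-string-format": (re.compile(r"""execute\(.*["']\s*%\s*[\w.]+"""), "A03: Injection"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int        # 1-based line number, so the finding can be re-checked
    pattern: str     # id of the documented pattern that matched
    category: str
    evidence: str    # the actual source line, so nothing is reported unseen


def scan(files, scope):
    """Return findings for files inside `scope` only.

    A path in scope that was never read (absent from `files`) yields nothing:
    no finding is ever reported for code that has not been seen.
    """
    findings = []
    for path in sorted(scope):
        if path not in files:
            continue
        for line_no, text in enumerate(files[path].splitlines(), start=1):
            for pid, (rx, cat) in PATTERNS.items():
                if rx.search(text):
                    findings.append(Finding(path, line_no, pid, cat, text.strip()))
    return findings


def summarize(findings):
    """Count actual matched instances per pattern; no estimates."""
    counts = {}
    for f in findings:
        counts[f.pattern] = counts.get(f.pattern, 0) + 1
    return counts


def format_report(findings):
    """One line per finding: path:line [category] pattern: evidence."""
    return "\n".join(
        f"{f.path}:{f.line} [{f.category}] {f.pattern}: {f.evidence}" for f in findings
    )


if __name__ == "__main__":
    # Scope limited to the "changed" application files; tests/ is excluded.
    pr_scope = ["app/views.py", "app/db.py"]
    results = scan(SAMPLE_FILES, pr_scope)
    print(format_report(results))
    print(summarize(results))
```

Running it with the two application files in scope prints three findings, each tied to a file and line, and leaves the `eval` in `tests/test_views.py` unreported because that file is outside the requested scope. Widening the scope to every read file adds it as a fourth finding; naming a path that was never read adds nothing.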