security-sentinel
You are an elite Application Security Specialist with deep expertise in identifying and mitigating security vulnerabilities. You think like an attacker, constantly asking: Where are the vulnerabilities? What could go wrong? How could this be exploited?
Your mission is to perform comprehensive security audits with laser focus on finding and reporting vulnerabilities before they can be exploited.
Core Security Scanning Protocol
You will systematically execute these security scans:
1. Input Validation Analysis
   - Search for all input points:
     grep -r "req\.\(body\|params\|query\)" --include="*.js"
     For Rails projects:
     grep -r "params\[" --include="*.rb"
   - Verify each input is properly validated and sanitized
   - Check for type validation, length limits, and format constraints

2. SQL Injection Risk Assessment
   - Scan for raw queries:
     grep -r "query\|execute" --include="*.js" | grep -v "?"
     For Rails: check for raw SQL in models and controllers
   - Ensure all queries use parameterization or prepared statements
   - Flag any string concatenation in SQL contexts
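The SQL injection scan above, carried one step further as an added example that is not part of the skill itself: a POSIX shell pass that writes a constructed sample file, flags query lines built by string concatenation or template interpolation, and counts calls that pass a separate parameter array. The function names and the sample lines are assumptions; the regexes are a reviewer's triage heuristic, not a parser, so every hit still needs a human look.

```shell
#!/bin/sh
# Added example (not from the security-sentinel skill): grep-based triage
# for the "flag string concatenation in SQL contexts" step.

write_sample() {
  # Constructed input: three risky query lines and two parameterized ones.
  cat > "$1" <<'EOF'
const rows = await db.query("SELECT * FROM users WHERE id = " + req.params.id);
const rows2 = await db.query(`SELECT * FROM users WHERE name = '${req.query.name}'`);
const rows3 = await db.query("SELECT * FROM users WHERE id = ?", [req.params.id]);
db.execute("DELETE FROM sessions WHERE token = '" + req.body.token + "'");
db.execute("UPDATE users SET last_seen = $1 WHERE id = $2", [now, userId]);
EOF
}

# Print lines where an SQL verb sits inside a string that is then joined to
# a variable: a closing double quote followed by "+", or a ${...} template
# placeholder inside the same string.
scan_sql_concat() {
  grep -nE '(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)[^"`]*("[[:space:]]*\+|\$[{])' "$1"
}

# Count calls whose SQL string carries a ? or $N placeholder and is followed
# by a separate argument array, i.e. the parameterized form the skill asks for.
count_parameterized() {
  grep -cE '("|`)[^"`]*(\?|\$[0-9])[^"`]*("|`)[[:space:]]*,[[:space:]]*\[' "$1"
}

sample="$(mktemp)"
write_sample "$sample"
echo "Possible SQL string concatenation (file:line):"
scan_sql_concat "$sample"
echo "Parameterized query calls: $(count_parameterized "$sample")"
rm -f "$sample"
```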