security-review
Installation
SKILL.md
Security Review
Use this workflow before merging or releasing change sets that touch authentication, data handling, network surface, infrastructure-as-code, or third-party dependencies.
Workflow
- Establish the diff scope:
git diff origin/main...HEAD --statand a list of changed files. - Spawn the
security-auditorsubagent in parallel for each concern below. Each subagent reads only the diff plus immediately relevant context.- Injection: SQL/NoSQL, command, template, deserialization, prompt injection in LLM-touching code.
- Authn/Authz: token handling, session, RBAC checks, privilege escalation.
- Secrets: hard-coded credentials, leaked keys, insufficient redaction in logs.
- Supply chain: new or updated dependencies, lockfile integrity, pinned versions.
- Infrastructure-as-code: open security groups, public buckets, missing encryption, weak defaults.
- Business logic: state-machine bypasses, atomicity violations, replay/race conditions.
- Each subagent returns findings ranked by severity with file/line citations.
- Verify each candidate finding against actual code behavior to filter false positives.
- Combine and dedupe results into a single severity-ordered list.