security-review
Security Review
When to Use
- The user wants a security audit of their application, infrastructure, or specific feature
- They need a threat model before launching or a penetration test preparation review
- They have a dependency vulnerability alert and need remediation guidance
- They are handling sensitive data (PII, payment, health) and need verification
- Code audit, secrets detection, or compliance assessment is requested
Context Required
From startup-context: tech stack, deployment environment, compliance requirements, data types. Also ask:
- Scope — Full app, feature, auth system, single PR, infrastructure, or cloud environment
- Data types — PII, payment, health, credentials, or other sensitive data handled
- Compliance requirements — SOC 2, HIPAA, PCI-DSS, GDPR, ISO 27001
- Authorization — Confirm written authorization exists before any active testing
Workflow
Follow a five-phase methodology. Automated scanning precedes manual review. Authorization verification is mandatory before active testing.