Security Audit

Standalone workflow for reviewing a web application or API without depending on other skills.

When to Use

Use this skill when:

• auditing a web application or API for security issues
• reviewing authentication, authorization, or session handling
• checking input validation, injection risk, or data exposure
• performing a structured hardening and reporting pass before release

Scope and Safety

• Confirm the target, authorized boundaries, and whether testing is read-only or allows active probing.
• Do not run destructive checks, high-volume fuzzing, or denial-of-service style traffic unless explicitly authorized.
• Record assumptions, environment limits, and access level before starting.
• Prefer reproducible evidence over broad claims.