security-analysis
SKILL.md
Security Analysis
Conduct security audits following strict operational procedures. Only perform analysis when explicitly requested.
Core Principles
- Selective Action: Only analyze when user explicitly requests security help
- Assume All External Input is Malicious: Treat user/API/file data as untrusted until validated
- Principle of Least Privilege: Code should have only necessary permissions
- Fail Securely: Error handling must not expose sensitive information
Permitted Tools
- Read-only operations only:
ls -R,grep,read-file - DO NOT write/modify/delete files unless explicitly instructed
- Store artifacts in
.shield_security/directory - Present complete report in conversation response