GitHub Repo Security Audit
A thorough, multi-layer security audit of a single repository. Runs free, open-source tools plus targeted manual checks, installs anything missing automatically, and produces a prioritised report.
Step 0 — Get the target
If the user hasn't provided a repo path or URL, ask:
"What repo should I audit? You can give me a local path, a GitHub URL, or an org/repo slug."
If a GitHub URL or slug is given, clone it into a temporary subfolder (e.g. ./audit-tmp/<repo-name>) before proceeding.
If a local path is given, use it directly. Store the absolute path in REPO_DIR.
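
Step 0 as a shell helper (an added example, not part of the skill itself). The function names and the AUDIT_TMP variable are assumptions; it accepts only https://github.com/ URLs and owner/repo slugs, and rejects input that git would read as an option or that would place the clone outside the temporary folder.

```shell
#!/bin/sh
# Added example: resolve an audit target into REPO_DIR (Step 0).
# AUDIT_TMP and both function names are assumptions, not defined by the skill.
AUDIT_TMP="${AUDIT_TMP:-./audit-tmp}"

# Print "local", "url" or "slug"; return 1 for anything else.
classify_target() {
    t=$1
    case "$t" in
        ''|-*) return 1 ;;   # empty, or would be parsed as a command-line option
    esac
    if [ -d "$t" ]; then echo local; return 0; fi
    case "$t" in
        https://github.com/*) t=${t#https://github.com/}; kind=url ;;
        *) kind=slug ;;
    esac
    t=${t%/}; t=${t%.git}
    # Require exactly owner/repo, a conservative character set, and no ".."
    # so the clone destination cannot leave AUDIT_TMP.
    case "$t" in
        */*/*|/*|*/|*[!A-Za-z0-9._/-]*|*..*) return 1 ;;
        */*) echo "$kind" ;;
        *) return 1 ;;
    esac
}

# Set REPO_DIR to the absolute path of the repo to audit, cloning if needed.
resolve_target() {
    kind=$(classify_target "$1") || { echo "unsupported target: $1" >&2; return 1; }
    if [ "$kind" = local ]; then
        REPO_DIR=$(cd -- "$1" && pwd -P) || return 1
        return 0
    fi
    slug=${1#https://github.com/}; slug=${slug%/}; slug=${slug%.git}
    dest="$AUDIT_TMP/${slug##*/}"
    mkdir -p -- "$AUDIT_TMP" || return 1
    # "--" stops git from treating the URL or destination as an option.
    git clone --quiet -- "https://github.com/$slug.git" "$dest" || return 1
    REPO_DIR=$(cd -- "$dest" && pwd -P)
}
```

A local directory whose name starts with `-` has to be passed as `./-name`, since a leading dash is rejected before the directory check.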