security-audit
Installation
SKILL.md
Security Audit
Systematic security review for application code, dependencies, and configuration.
Not a replacement for professional penetration testing. Identifies common vulnerabilities within scope of code review.
Audit Types
| Type | Focus | When to Use |
|---|---|---|
| Code Review | OWASP Top 10, injection, auth | New features, PRs, suspicious code |
| Dependency | CVEs, outdated packages | Before deploy, periodic, CI/CD |
| Configuration | Secrets, permissions, hardening | Infrastructure changes, new envs |
| Architecture | Attack surface, data flow | Design phase, major refactors |
| API Security | Auth, authz, rate limiting | New endpoints, public APIs |