security-audit
Security Audit
Overview
Perform comprehensive security audits on codebases by scanning for OWASP Top 10 vulnerabilities, checking dependencies for known CVEs, detecting leaked secrets and API keys, and generating prioritized fix recommendations. This skill combines static analysis patterns with dependency auditing tools.
Instructions
When a user asks you to audit their code for security issues, follow these steps:
Step 1: Determine audit scope
Ask or infer what to audit:
- Code vulnerabilities — OWASP Top 10 patterns in source code
- Dependencies — known CVEs in packages
- Secrets — hardcoded API keys, passwords, tokens
- Configuration — insecure headers, CORS, TLS settings
- All of the above (default if not specified)