Security Review Skill

Use this skill when reviewing Convex functions, auth logic, public query shapes, admin routes, webhooks, uploads, or any AI generated code that touches user data.

When to use it

Reach for this skill when:

• a mutation writes user or admin data
• a public query returns package or user data
• an internal function should be separated from a public wrapper
• a form collects names, emails, or other contact info
• a webhook, upload, or API key flow is added
• AI generated code needs a security pass before shipping

Auth and ownership checks