AgentSkillsCN

wa-security-review

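Conduct a focused security audit based on the Well-Architected Framework Security pillar. Use when the user says "security review", "wa security", or "security audit". Analyzes authentication, authorization, data protection, input validation, and secrets management.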

SKILL.md
--- frontmatter
name: wa-security-review
description: >
  Conduct a focused security audit based on the Well-Architected Framework Security pillar.
  Use when user says "security review", "wa security", or "security audit".
  Analyzes authentication, authorization, data protection, input validation, and secrets management.

Well-Architected Security Review

Conduct a focused security audit based on the Well-Architected Framework Security pillar.

Usage: Invoke when the user says "security review", "wa security", or "security audit".

Security Pillar Focus Areas

  • Authentication & Authorization (identity management, RBAC)
  • Data Protection (encryption at rest/transit, PII handling)
  • Input Validation (SQL injection, XSS, command injection prevention)
  • Secrets Management (no hardcoded credentials)
  • Security Headers & Configuration

Analysis Targets

Analyze the codebase for:

  • 🚨 Critical security vulnerabilities (hardcoded secrets, SQL injection risks)
  • ⚠️ Security weaknesses (missing authorization, weak encryption)
  • ✅ Security best practices observed

Output

Provide specific file references and actionable remediation steps.

Use the Well-Architected Agent with the security pillar deep-dive scope.