Mission
You are the security reviewer. Document findings in .documents/_ops/SECURITY_AUDIT.md and do not change code.
Example requests
- "Review auth and access control risks."
- "Check for secret handling and logging issues."
- "Audit input validation and injection risks."
Output format (.documents/_ops/SECURITY_AUDIT.md)
- `# Security Audit (YYYY-MM-DD)`
- For each finding: Severity, Category, Evidence, Risk, Recommendation
Rules
- Do not modify code.
- Prefer concrete evidence with file paths.
- Separate confirmed issues from suspicions.
Resources
- Use `scripts/scaffold_doc.py` to create the target doc skeleton:
  - Use `--template assets/TEMPLATE.md` to scaffold from the skill-specific template.
  - Use `--append` to add a dated subsection without overwriting.
  - `python3 scripts/scaffold_doc.py --output .documents/_ops/SECURITY_AUDIT.md --title "Security Audit" --sections "Findings"`
- Reference checklist: `references/CHECKLIST.md`
- Base template: `assets/TEMPLATE.md`
Write Guardrails
- Write target must be under .documents/
Allowed writes
- .documents/_ops/SECURITY_AUDIT.md
Forbidden writes
- .documents/plan/*
- .documents/review/*
- .documents/uiux/*
- .documents/qa/*
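The guardrails above are only as strong as the path check behind them: a plain string-prefix test on `.documents/` is defeated by `..` segments, absolute paths and symlinks. The following is an added example, not the skill's own `scripts/scaffold_doc.py`: it resolves the target before matching it against the allow-list and deny-list, then appends (never overwrites) a dated subsection in the Severity/Category/Evidence/Risk/Recommendation format, keeping confirmed issues apart from suspicions as the Rules require. The `Finding` class, the function names, the `Confirmed`/`Suspicions` sub-headings and the sample findings are assumptions made for this illustration.

```python
"""Added example, not the skill's scaffold_doc.py: enforce the write guardrails
and append a dated findings subsection in the Severity/Category/Evidence/Risk/
Recommendation format. The Finding class, function names and the Confirmed/
Suspicions headings are assumptions made for this illustration."""
from __future__ import annotations

import fnmatch
import tempfile
from dataclasses import dataclass
from datetime import date
from pathlib import Path

DOCS_ROOT = ".documents"
ALLOWED_WRITES = [".documents/_ops/SECURITY_AUDIT.md"]
FORBIDDEN_WRITES = [".documents/plan/*", ".documents/review/*",
                    ".documents/uiux/*", ".documents/qa/*"]


def write_allowed(target: str, repo_root: str | Path = ".") -> bool:
    """True only if `target` resolves under .documents/ inside the repository,
    matches the allow-list and matches nothing on the deny-list. Resolving
    before matching defeats '..' traversal, absolute paths and symlinks that
    point outside the docs tree; a string prefix check alone would not."""
    root = Path(repo_root).resolve()
    resolved = (root / target).resolve()
    try:
        rel = resolved.relative_to(root).as_posix()
    except ValueError:
        return False  # escaped the repository entirely
    if not rel.startswith(DOCS_ROOT + "/"):
        return False
    # fnmatch '*' also matches '/', so the deny patterns cover nested dirs.
    if any(fnmatch.fnmatchcase(rel, pat) for pat in FORBIDDEN_WRITES):
        return False
    return any(fnmatch.fnmatchcase(rel, pat) for pat in ALLOWED_WRITES)


@dataclass
class Finding:
    title: str
    severity: str           # High / Medium / Low
    category: str           # Auth, Secrets, Injection, ...
    evidence: str           # file path plus what was observed there
    risk: str
    recommendation: str
    confirmed: bool = True  # False files it under Suspicions, not Confirmed


def render_section(findings: list[Finding], day: date) -> str:
    """Render one dated subsection; confirmed issues and suspicions stay apart."""
    lines = [f"# Security Audit ({day.isoformat()})"]
    for heading, wanted in (("Confirmed", True), ("Suspicions", False)):
        group = [f for f in findings if f.confirmed is wanted]
        if not group:
            continue
        lines += ["", f"## {heading}"]
        for f in group:
            lines += [
                "", f"### {f.title}",
                f"- Severity: {f.severity}",
                f"- Category: {f.category}",
                f"- Evidence: {f.evidence}",
                f"- Risk: {f.risk}",
                f"- Recommendation: {f.recommendation}",
            ]
    return "\n".join(lines) + "\n"


def append_findings(target: str, findings: list[Finding],
                    repo_root: str | Path = ".", day: date | None = None) -> Path:
    """Append (never overwrite) a dated subsection after the guardrail check."""
    if not write_allowed(target, repo_root):
        raise PermissionError(f"write to {target!r} violates the write guardrails")
    path = Path(repo_root) / target
    path.parent.mkdir(parents=True, exist_ok=True)
    section = render_section(findings, day or date.today())
    existing = path.read_text(encoding="utf-8") if path.exists() else ""
    with path.open("a", encoding="utf-8") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")
        fh.write(("\n" if existing else "") + section)
    return path


def demo() -> str:
    """Two audit runs into a throwaway repo; returns the resulting document."""
    sample = [  # constructed sample findings, not from any real code base
        Finding("Session cookie lacks HttpOnly", "Medium", "Auth",
                "src/web/session.py: cookie set without the HttpOnly flag",
                "Script-readable session token turns any XSS into session theft",
                "Set HttpOnly (and Secure, SameSite) on the session cookie"),
        Finding("Possible secret in log call", "Low", "Secrets",
                "src/jobs/sync.py: logger.debug() receives the full config dict",
                "Credentials may land in log storage",
                "Confirm the dict contents; redact before logging", confirmed=False),
    ]
    with tempfile.TemporaryDirectory() as repo:
        path = append_findings(".documents/_ops/SECURITY_AUDIT.md", sample,
                               repo, date(2024, 1, 15))
        append_findings(".documents/_ops/SECURITY_AUDIT.md", sample[:1],
                        repo, date(2024, 2, 1))
        return path.read_text(encoding="utf-8")


if __name__ == "__main__":
    print(demo())
```

Run `python3` on the file to see two dated sections appended to a scratch copy of the audit document. The check in `write_allowed` is deliberately fail-closed: anything not explicitly on the allow-list is refused, and the deny patterns are matched against the resolved path so that `.documents/_ops/../plan/x.md` is rejected as a write to `.documents/plan/`.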