AgentSkillsCN

audit

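Performs a comprehensive security audit of the codebase, analyzing authentication flows, tenant isolation mechanisms, input validation and related areas in depth, and generates an actionable report.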

SKILL.md
--- frontmatter
name: audit
description: >
  Security audit of the codebase. Performs deep analysis of auth flows,
  tenant isolation, input validation, and generates actionable reports.
user-invocable: true

/audit — Security Audit

Scope

Input: directory path, module name, or blank for full codebase.
Examples: src/auth, payments, /audit.
Audit: $ARGUMENTS (or full codebase if no arguments)

Flow

  1. Read .claude/project.yml → invariants and critical_flows
  2. Read .claude/memory/architecture.md → security patterns
  3. Analyze codebase for:
    • Tenant isolation violations (missing tenant column filters)
    • Auth bypasses (missing role checks)
    • Input validation gaps (SQL injection, XSS)
    • Hardcoded secrets or credentials
    • RLS policy gaps
  4. Generate report
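
One way to check the "RLS policy gaps" and tenant-isolation items in step 3, as an added example (not part of the skill or its project): a Python heuristic over PostgreSQL DDL that flags tables carrying a tenant column but lacking row-level security or a policy. The column name tenant_id, the function find_rls_gaps and the sample schema are assumptions constructed for illustration.

```python
import re

TENANT_COLUMN = "tenant_id"  # assumption: the skill does not name the column

# Constructed PostgreSQL schema for illustration (not from a real project).
SAMPLE_SCHEMA = """
CREATE TABLE invoices (id bigint PRIMARY KEY, tenant_id uuid NOT NULL, total numeric);
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
CREATE POLICY invoices_tenant ON invoices
  USING (tenant_id = current_setting('app.tenant_id')::uuid);
CREATE TABLE documents (id bigint PRIMARY KEY, tenant_id uuid NOT NULL, body text);
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
-- ALTER TABLE api_keys ENABLE ROW LEVEL SECURITY;  (commented out: must not count)
CREATE TABLE api_keys (id bigint PRIMARY KEY, tenant_id uuid NOT NULL, key_hash text);
CREATE TABLE countries (code char(2) PRIMARY KEY, name text);
"""

NAME = r'(?:"?\w+"?\.)?"?(\w+)"?'  # optional schema prefix, captures the table name
FLAGS = re.I | re.S

def _names(pattern, sql):
    return {m.group(1).lower() for m in re.finditer(pattern, sql, FLAGS)}

def find_rls_gaps(schema_sql, tenant_column=TENANT_COLUMN):
    """Return sorted (table, finding) pairs for tenant-scoped tables lacking RLS."""
    sql = re.sub(r"/\*.*?\*/", " ", schema_sql, flags=re.S)  # drop block comments
    sql = re.sub(r"--[^\n]*", " ", sql)                       # drop line comments
    tenant_tables = set()
    create = r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?" + NAME + r"\s*\((.*?)\)\s*;"
    for m in re.finditer(create, sql, FLAGS):
        # A column definition starts the body or follows a comma.
        if re.search(r'(?:^|,)\s*"?' + re.escape(tenant_column) + r'"?\s', m.group(2), re.I):
            tenant_tables.add(m.group(1).lower())
    enabled = _names(r"ALTER\s+TABLE\s+(?:IF\s+EXISTS\s+)?(?:ONLY\s+)?" + NAME
                     + r"\s+ENABLE\s+ROW\s+LEVEL\s+SECURITY", sql)
    policies = _names(r'CREATE\s+POLICY\s+"?\w+"?\s+ON\s+' + NAME, sql)
    findings = []
    for table in sorted(tenant_tables):
        if table not in enabled:
            findings.append((table, "RLS not enabled"))
        elif table not in policies:
            # PostgreSQL then default-denies non-owners; no tenant rule is expressed.
            findings.append((table, "RLS enabled but no policy"))
    return findings

if __name__ == "__main__":
    for table, finding in find_rls_gaps(SAMPLE_SCHEMA):
        print(f"{table}: {finding}")
```

The check is regex-based and only sees statements present in the text it is given, so findings are leads to confirm against the live database catalog rather than a verdict.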

Output

  • Summary in conversation
  • Full report: /docs/audits/[date]-audit-full.md
  • Action items: /docs/audits/TODO.md