AgentSkillsCN

audit

Conduct security audits and code reviews for vulnerabilities, performance problems, and bad practices. Use this skill when reviewing code for security (SQL injection, XSS, hardcoded secrets, CSRF), performance (N+1 queries, memory leaks, blocking async operations), or code quality (complexity, error handling, type safety).

SKILL.md
---
name: audit
description: Security audit and code review for vulnerabilities, performance issues, and bad practices. Use when reviewing code for security (SQL injection, XSS, hardcoded secrets, CSRF), performance (N+1 queries, memory leaks, blocking async), or code quality (complexity, error handling, type safety).
---

Security Audit

Analyze code for vulnerabilities, performance issues, and bad practices.

Checklist

| Category | Issues to Find |
|---|---|
| Injection | SQL concatenation, XSS, command injection, path traversal |
| Secrets | Hardcoded credentials, API keys in code, .env committed |
| Auth | Missing validation, broken access control, CSRF |
| Performance | N+1 queries, unbounded loops, blocking in async |
| Resilience | Unhandled errors, missing timeouts, race conditions |
| Quality | Magic numbers, deep nesting, missing types, dead code |

Output Format

```markdown
## Issues

### HIGH
- [file:line] Issue description
- [file:line] Issue description

### MEDIUM
- [file:line] Issue description

### LOW
- [file:line] Issue description

## Fixes

### [Issue name]
[Fixed code - no explanation]
```

Provide fixes for the top 3 HIGH/MEDIUM issues. Code only, no explanations.
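To show how the checklist categories and the output format above fit together in practice, here is an added example that is not part of the AgentSkillsCN skill itself: a small Python triage scanner with one regex detector per checklist row it exercises (SQL concatenation, hardcoded secrets, blocking calls inside coroutines, HTTP calls without a timeout), run over two constructed sample files that are hypothetical and not from any real project. It emits the `## Issues` section in the skill's format; the `## Fixes` section is left to the reviewer, since fixes need judgement the patterns cannot supply. The file names, rule messages and sample code are all assumptions made for the example.

```python
"""Checklist-driven triage scanner (added example, not the skill's own code)."""
import re

# Constructed sample input: hypothetical files with checklist findings planted in them.
SAMPLE_FILES = {
    "app/db.py": '''\
import sqlite3
API_KEY = "sk_live_0123456789abcdef"
def find_user(conn, name):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    return cur.fetchone()
''',
    "app/worker.py": '''\
import asyncio, time, requests
async def poll(url):
    time.sleep(5)
    return requests.get(url).text
''',
}

# (severity, category, pattern, message, only_inside_async_def)
# Deliberately simple patterns: they over-report, and a human confirms each hit
# before it goes into the report.
RULES = [
    ("HIGH", "Injection",
     re.compile(r'''execute\(\s*["'].*["']\s*\+'''),
     "SQL built by string concatenation; use a parameterised query", False),
    ("HIGH", "Secrets",
     re.compile(r'''(?i)(api[_-]?key|secret|password|token)\s*=\s*["'][^"']{8,}["']'''),
     "hardcoded credential; read it from the environment or a secrets manager", False),
    ("MEDIUM", "Performance",
     re.compile(r"\btime\.sleep\("),
     "blocking sleep inside a coroutine; use await asyncio.sleep()", True),
    ("MEDIUM", "Performance",
     re.compile(r"\brequests\.(get|post|put|delete)\("),
     "blocking HTTP call inside a coroutine; use an async client or a thread", True),
    ("MEDIUM", "Resilience",
     re.compile(r"\brequests\.(get|post|put|delete)\((?![^)]*timeout=)"),
     "HTTP call without timeout=; it can hang the worker indefinitely", False),
]

SEVERITIES = ("HIGH", "MEDIUM", "LOW")


def audit(files):
    """Scan a {path: source} mapping and return a list of finding dicts."""
    findings = []
    for path, src in files.items():
        in_async = False  # whether the most recently opened function is a coroutine
        for lineno, line in enumerate(src.splitlines(), 1):
            head = line.lstrip()
            if head.startswith(("async def ", "def ")):
                in_async = head.startswith("async def ")
            for severity, category, pattern, message, async_only in RULES:
                if async_only and not in_async:
                    continue
                if pattern.search(line):
                    findings.append({"severity": severity, "category": category,
                                     "file": path, "line": lineno, "message": message})
    return findings


def severity_counts(findings):
    """Number of findings per severity, for a quick sanity check of a scan."""
    return {sev: sum(1 for f in findings if f["severity"] == sev) for sev in SEVERITIES}


def render(findings):
    """Format findings as the '## Issues' section of the skill's Output Format."""
    out = ["## Issues", ""]
    for sev in SEVERITIES:
        rows = [f for f in findings if f["severity"] == sev]
        if not rows:
            continue
        out.append(f"### {sev}")
        out.extend(f"- [{f['file']}:{f['line']}] {f['category']}: {f['message']}"
                   for f in rows)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(audit(SAMPLE_FILES)))
```

On the sample above the scanner reports two HIGH findings in `app/db.py` (the hardcoded key on line 2 and the concatenated query on line 5) and three MEDIUM findings in `app/worker.py` (the blocking sleep, and the blocking HTTP call that is also missing a timeout, both inside the coroutine). Note that the async-only rules are gated on the enclosing `def`, so the same `time.sleep` in a plain function would not be flagged as "blocking in async"; a real pass would follow this triage with the Auth and Quality rows of the checklist, which do not reduce to line patterns.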