Security Audit Skill
This skill provides a focused security lens for auditing the application.
Focus Areas
- RLS Policies: logical gaps, "true" conditions, incorrect user checks.
- SSR/CSR Boundaries: leaking of secrets to the client.
- Input Validation: gaps where raw input hits the DB or API.
- Dependencies: known vulnerabilities in `package.json`.
RLS Checklist
- `enable row level security` is ON for all tables.
- `anon` role has minimal/no access.
- `authenticated` role can only access own data (`user_id = auth.uid()`).
- No `using (true)` policies unless public static data.
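The checklist above, worked through as an added SQL example (not part of this skill file). It assumes a Supabase-style Postgres database where `auth.uid()` returns the calling user's id and the `anon` / `authenticated` roles exist; the `notes` table and its columns are hypothetical. It shows the weak policy the checklist flags next to its corrected form, and finishes with catalog queries that find the same gaps in a live database.

```sql
-- Added example, not part of the skill. Assumes Supabase-style Postgres
-- (auth.uid(), anon and authenticated roles). Table "notes" is hypothetical.

-- Checklist item 1: RLS must be enabled. Without this statement every
-- policy below is ignored and any role with a table grant sees all rows.
create table notes (
  id bigint generated always as identity primary key,
  user_id uuid not null,
  body text not null
);
alter table notes enable row level security;

-- Checklist item 4, the weak form: using (true) lets any authenticated
-- caller read every user's rows.
create policy "notes_read_all" on notes
  for select to authenticated
  using (true);

-- Checklist item 3, the corrected form: a user only reads their own rows,
-- and the WITH CHECK clause stops them from inserting rows that claim
-- another user's user_id.
drop policy "notes_read_all" on notes;

create policy "notes_select_own" on notes
  for select to authenticated
  using (user_id = auth.uid());

create policy "notes_insert_own" on notes
  for insert to authenticated
  with check (user_id = auth.uid());

-- Checklist item 2: anon gets no policy on this table. With RLS enabled
-- and no matching policy, anon queries return zero rows (default deny).

-- Audit queries against the live database.
-- Tables in the public schema with RLS still disabled:
select n.nspname, c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where c.relkind = 'r'
  and n.nspname = 'public'
  and not c.relrowsecurity;

-- Policies whose USING clause is a bare true, or that grant anon access:
select schemaname, tablename, policyname, roles, cmd, qual
from pg_policies
where schemaname = 'public'
  and (qual = 'true' or 'anon' = any(roles));

-- Policies on tables that have a user_id column but never tie the row
-- to auth.uid() in either USING or WITH CHECK:
select p.tablename, p.policyname, p.qual, p.with_check
from pg_policies p
join information_schema.columns col
  on col.table_schema = p.schemaname
 and col.table_name = p.tablename
 and col.column_name = 'user_id'
where p.schemaname = 'public'
  and coalesce(p.qual, '') not like '%auth.uid()%'
  and coalesce(p.with_check, '') not like '%auth.uid()%';
```

The three audit queries map directly onto the checklist: the first finds tables failing item 1, the second finds `using (true)` policies and any policy that names `anon` (items 2 and 4), and the third finds per-user tables whose policies do not reference `auth.uid()` (item 3). Rows returned by the second query still need a manual look, since a `using (true)` policy on genuinely public static data is the one case the checklist allows.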