Security Audit Skill
Trigger Phrases
This skill is automatically triggered when the user:
- Asks to "audit security" or "check for vulnerabilities"
- Requests security review or assessment
- Wants to "scan for security issues"
- Mentions "security audit", "penetration test", or "vulnerability scan"
- Asks about security best practices
Delegation Instructions
When this skill is triggered:
- Delegate immediately to the security-reviewer agent
- Specify code or components to audit
- Include security focus areas if mentioned
- Provide context about sensitive data
- Include any compliance requirements
Context to Pass
- Code to Audit: Files or components to review
- Security Focus: Specific areas (auth, input validation, etc.)
- Sensitive Data: Types of sensitive data handled
- Compliance: Any compliance requirements (GDPR, HIPAA, etc.)
- Threat Model: Known threats or attack vectors
- Current Issues: Any known security concerns
Agent Responsibilities
The security-reviewer agent will:
- Analyze code for security vulnerabilities
- Check authentication and authorization
- Review input validation
- Identify security risks
- Provide security recommendations
- Prioritize issues by severity
Usage Examples
Example 1: Code Security Audit
User: "Audit the authentication code for security vulnerabilities"
Delegation: Delegate to security-reviewer with:
- Code: Authentication implementation
- Focus: Auth security
- Context: User authentication flow
Example 2: Pre-Deployment Check
User: "Check the codebase for security issues before deployment"
Delegation: Delegate to security-reviewer with:
- Scope: Full codebase
- Focus: Critical vulnerabilities
- Context: Production deployment
Example 3: Specific Vulnerability
User: "Check if we're vulnerable to SQL injection"
Delegation: Delegate to security-reviewer with:
- Focus: SQL injection
- Code: Database queries
- Context: Database access patterns
Best Practices
- Delegate security reviews to security-reviewer
- Specify security focus areas
- Include compliance requirements
- Provide sensitive data context
- Request prioritized findings