AgentSkillsCN

security-vulnerability-audit

Conduct security vulnerability audits using Trunk (Trivy and OSV-scanner). Use when checking a project for vulnerabilities or hard-coded secrets, or when fixing security flaws.

SKILL.md
---
name: security-vulnerability-audit
description: Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws.
---

Security Vulnerability Audit

This skill provides a structured process for identifying and reporting security vulnerabilities in the codebase using Trunk's integrated security tools.

Audit Workflow

  1. Run Security Scan: Execute Trunk with the security scope.

    ```bash
    trunk check --all --scope security
    ```

    Note: The security scope makes this command run both Trivy and OSV-scanner.

  2. Analyze Findings: Review the output from Trunk. Pay close attention to:

    • Critical/High vulnerabilities in dependencies (reported by osv-scanner).
    • Hard-coded secrets or configuration issues (reported by trivy).

  3. Compile Report: Use the findings to create a summary of the security posture.

Reporting Format

For each significant finding, provide:

  • Severity: [Critical/High/Medium/Low]
  • Tool: [Trivy/OSV-Scanner]
  • Description: [Brief description of the vulnerability]
  • Impact: [What happens if exploited?]
  • Recommendation: [How to fix it, e.g., "Update package X to version Y"]

Resources