Security Audit
Perform a security audit with the following scope:
$ARGUMENTS
Audit Methodology
1. Dependency Security
Check for known vulnerabilities in dependencies using the package manager's audit command.
2. Source Code Analysis
Scan for common vulnerability patterns:
- Hardcoded secrets (API keys, passwords, tokens)
- Command injection via string interpolation in shell/exec calls
- XSS vectors in templates
- Prompt injection in AI agent inputs
- Insecure deserialization
- Information disclosure in error messages
3. AI Agent Security
Review AI agent patterns and verify:
- Input sanitization is applied before LLM processing
- Output sanitization prevents data leakage
- Tool calls are validated and scoped
- Prompt injection defenses are in place
4. Configuration Security
- No secrets in version control
- Proper .gitignore coverage
- CORS configuration
- Environment variable handling
Output
Produce a security report with findings classified by severity:
- 🔴 Critical / 🟠 High / 🟡 Medium / 🔵 Low
Each finding includes: location, vulnerability, impact, and remediation steps.
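An added example, not part of the original command: a minimal Python scanner for two of the patterns listed under Source Code Analysis (hardcoded secrets, and string interpolation in shell calls) that emits findings in the report shape described under Output. The regexes, the Finding class, and the sample file are assumptions made for illustration; real audits need broader rules and manual review of each hit.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    severity: str        # Critical / High / Medium / Low
    location: str        # file:line
    vulnerability: str
    impact: str
    remediation: str

# Illustrative heuristics (assumed for this example), one tuple per rule:
# (pattern, severity, vulnerability, impact, remediation)
RULES = [
    (re.compile(r"""(?i)\b(api[_-]?key|password|secret|token)\b\s*[:=]\s*["'][^"']{8,}["']"""),
     "Critical", "Hardcoded secret",
     "Credential readable by anyone with access to the repository or its history",
     "Load the value from the environment or a secret manager, then rotate it"),
    (re.compile(r"""\b(os\.system|os\.popen)\(\s*(f["']|["'][^"']*["']\s*(%|\+|\.format\())"""),
     "High", "Command injection via string interpolation in shell/exec call",
     "Attacker-influenced input is parsed by the shell as part of the command",
     "Pass an argument list without a shell, e.g. subprocess.run([...])"),
]
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def scan(files):
    """Return findings for {path: source_text}, most severe first."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("#"):
                continue  # skip comment-only lines
            for pattern, severity, vuln, impact, fix in RULES:
                if pattern.search(line):
                    # Record the location only, never the matched secret itself.
                    findings.append(Finding(severity, f"{path}:{lineno}", vuln, impact, fix))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])

# Constructed sample input; the key below is a made-up placeholder.
SAMPLE = {"app/deploy.py": '''import os, subprocess
API_KEY = "sk_test_CONSTRUCTED_0000"
token = os.environ["SERVICE_TOKEN"]
def archive(name):
    os.system(f"tar czf /tmp/{name}.tgz data/")
def safe_archive(name):
    subprocess.run(["tar", "czf", f"/tmp/{name}.tgz", "data/"], check=True)
'''}

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"[{f.severity}] {f.location}: {f.vulnerability}\n  Impact: {f.impact}\n  Fix: {f.remediation}")
```

The environment lookup on line 3 and the argument-list call on line 7 of the sample are deliberately not flagged; they are the remediated forms of the two findings.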