AgentSkillsCN

security-checklists

Detailed security checklists by domain. Use with the security-reviewer agent for deep vulnerability analysis. Reference specific files based on the code being reviewed.

SKILL.md
---
name: security-checklists
description: |
  Detailed security checklists by domain.
  Use with security-reviewer agent for deep vulnerability analysis.
  Reference specific files based on the code being reviewed.
---

Security Checklists

When to Reference

| Reviewing... | Use |
|---|---|
| Login, signup, session, JWT, OAuth | auth.md |
| REST/GraphQL endpoints, request/response | api.md |
| package.json, requirements.txt, Dockerfile | supply-chain.md |
| Payment, inventory, pricing, state machines | business-logic.md |

Quick Reference - Universal Red Flags

These apply everywhere:

□ Secrets in code, logs, or git history
□ User input reaching shell, eval, or raw queries
□ Missing ownership check before data access
□ State change without proper validation
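As an added illustration (not part of this skill or its checklist files), a small Python first-pass checker that applies the first two universal red flags to source lines: hard-coded secrets, and user input flowing into shell, eval or string-built queries. The regexes and the sample source are constructed for the example; the ownership and state-validation items cannot be pattern-matched and still need the reviewer to read the handler.

```python
import re
from typing import List, Tuple

# Constructed heuristics for the checklist's universal red flags; they are a
# first-pass grep, not a parser, so a reviewer still reads the surrounding code.
TAINT = re.compile(r"\brequest\b|\binput\(|\bargv\b|\bparams\b")
SECRET = re.compile(
    r"(?i)\b(?:api_?key|secret|password|token)\b\s*[:=]\s*[\"'][^\"']{8,}[\"']")
SHELL_SINK = re.compile(
    r"\b(?:os\.system|os\.popen|subprocess\.(?:run|call|Popen|check_output))\(")
EVAL_SINK = re.compile(r"\b(?:eval|exec)\(")
# A query string built with f-strings, %, + or .format instead of bound parameters.
RAW_QUERY_SINK = re.compile(
    r"\.(?:execute|executescript|raw)\(\s*(?:f[\"']|[\"'][^\"']*[\"']\s*(?:%|\+|\.format))")

# (flag name, sink pattern, whether the line must also mention a user-input source)
CHECKS = [
    ("secret-in-code", SECRET, False),
    ("input-to-shell", SHELL_SINK, True),
    ("input-to-eval", EVAL_SINK, True),
    ("input-to-raw-query", RAW_QUERY_SINK, True),
]


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, flag) pairs for lines that match a universal red flag."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for flag, sink, needs_taint in CHECKS:
            if sink.search(line) and (not needs_taint or TAINT.search(line)):
                findings.append((lineno, flag))
    return findings


# Constructed sample source: lines 1, 3, 4 and 5 should be flagged; 2 and 6 should not
# (line 2 binds its parameter, line 6 logs no secret).
SAMPLE = """\
API_KEY = "sk-live-0123456789abcdef"
db.execute("SELECT * FROM users WHERE id = %s", (user_id,))
cur.execute(f"SELECT * FROM orders WHERE id = {request.args['id']}")
subprocess.run("convert " + request.files["name"], shell=True)
result = eval(request.form["expr"])
logger.info("user %s logged in", user.id)
""".splitlines()

if __name__ == "__main__":
    for lineno, flag in scan(SAMPLE):
        print(f"line {lineno}: {flag}: {SAMPLE[lineno - 1]}")
```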