---
name: security-audit
description: Provides security guidelines for input validation, authentication, authorization, and secure coding practices. Use when implementing auth, handling user input, working with credentials, or conducting security reviews.
allowed-tools: Read, Grep, Glob
---
# Security Audit Skill

## When to Use
- Implementing authentication/authorization
- Handling user input
- Working with sensitive data (passwords, tokens, keys)
- Security review requests
- Designing API endpoints
## Security Checklist

### Input Validation
- Validate all user input
- Prevent SQL Injection
- Prevent XSS
- Prevent Command Injection
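The four items above in working form. This is an added example, not part of the skill file: it pairs a string-built SQL query with its parameterized replacement, allowlists a username instead of blocklisting characters, escapes untrusted text before it reaches HTML, and passes an argument list (no shell) to a child process. The table, the user names and the child command are constructed for the demonstration.

```python
import html
import re
import sqlite3
import subprocess
import sys


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    return conn


# --- SQL injection: string-built query (vulnerable) vs parameterized (safe) ---
def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the untrusted value becomes part of the SQL text and can change the WHERE clause.
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Safe: the driver binds the value as data; it is never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


# --- Input validation: allowlist the accepted shape rather than stripping "bad" characters ---
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(value: str) -> bool:
    # fullmatch anchors both ends; a bare search() would accept "alice' OR 1=1".
    return USERNAME_RE.fullmatch(value) is not None


# --- XSS: escape at the point where untrusted text is inserted into HTML ---
def render_greeting(display_name: str) -> str:
    # quote=True also escapes ' and " so the value is safe inside attributes, not just text nodes.
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


# --- Command injection: argv list and no shell, so metacharacters are just bytes of an argument ---
def child_arg_length(value: str) -> int:
    # The child (a Python one-liner, chosen because it exists wherever this runs) reports the
    # length of argv[1]; with shell=False the value arrives verbatim, "&&", ";" and "$(" included.
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(len(sys.argv[1]))", value],
        capture_output=True, text=True, check=True,
    )
    return int(result.stdout)
```

Compare `find_user_unsafe` and `find_user_safe` on the same input: the parameterized query returns no row for a name that is not in the table, however the string is shaped, while the string-built query lets the input rewrite the predicate.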
### Authentication
- Secure password hashing
- Session management
- JWT security settings
### Authorization
- Permission verification
- Resource access control
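The two authorization items are distinct checks, and a reviewer should look for both: a role may permit `document:update` in general (permission verification) while the caller still must not be allowed to update *someone else's* document (resource access control, the check whose absence is usually called IDOR). The example below is added here and is not part of the skill file; the roles, permission names and document store are constructed, and the policy is deny by default.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: str
    roles: frozenset


@dataclass(frozen=True)
class Document:
    id: str
    owner_id: str


# Role -> actions it grants. Anything not listed is denied; there is no implicit "allow".
ROLE_PERMISSIONS = {
    "viewer": frozenset({"document:read"}),
    "editor": frozenset({"document:read", "document:update"}),
    "admin": frozenset({"document:read", "document:update", "document:delete"}),
}


def has_permission(user: User, action: str) -> bool:
    """Permission verification: does any of the user's roles grant this action at all?"""
    return any(action in ROLE_PERMISSIONS.get(role, frozenset()) for role in user.roles)


def may_access(user: User, action: str, doc: Document) -> bool:
    """Resource access control: may this user perform the action on *this* document?"""
    if not has_permission(user, action):
        return False
    if "admin" in user.roles:  # admins act on any document
        return True
    return doc.owner_id == user.id  # everyone else only on what they own


class DocumentStore:
    def __init__(self) -> None:
        self._docs = {}

    def add(self, doc: Document) -> None:
        self._docs[doc.id] = doc

    def access(self, user: User, action: str, doc_id: str) -> Optional[Document]:
        """Single gate for every read/update/delete path; returns the document or None.

        Existence and authorization are folded into one answer so a caller cannot use the
        difference between "not found" and "forbidden" to enumerate other users' document IDs.
        """
        doc = self._docs.get(doc_id)
        if doc is None or not may_access(user, action, doc):
            return None
        return doc
```

Routing every handler through `access()` is the point: an endpoint that looks the document up by ID and checks only `has_permission` passes the first item on the checklist and fails the second.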
## Reference

### OWASP Top 10 Reference
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring