workflow-security-audit
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
13 stars
byNickCrew
Best use case
workflow-security-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
Teams using workflow-security-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/workflow-security-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/NickCrew/Claude-Cortex/main/skills/workflow-security-audit/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/workflow-security-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How workflow-security-audit Compares
| Feature / Agent | workflow-security-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Security Audit Workflow Comprehensive security assessment process. ## Phase 1: Threat Assessment **Agents:** `security-auditor` Scope: - Authentication & authorization - Data protection - API security - Dependency vulnerabilities - Infrastructure security **Output:** Threat model, risk assessment, priority list ## Phase 2: Automated Scanning **Agents:** `security-auditor` Tools to run: - Dependency check (npm audit, pip-audit, cargo audit) - Static analysis (semgrep, bandit, etc.) - Secret scanning (trufflehog, gitleaks) **Output:** Vulnerability report with severity ratings ## Phase 3: Manual Code Review **Agents:** `security-auditor` Focus areas: - Input validation - Output encoding - Authentication logic - Authorization checks - Cryptography usage - Session management ## Phase 4: Penetration Testing **Agents:** `security-auditor` Test for: - SQL injection - XSS attacks - CSRF attacks - Authentication bypass - Privilege escalation ## Phase 5: Remediation Planning **Agents:** `requirements-analyst` - Create fix tasks from vulnerability report - Prioritize by severity - Estimate timeline - Allocate resources ## Phase 6: Fix Implementation **Blocking:** Validation required before proceeding ## Phase 7: Security Validation **Agents:** `security-auditor` - Retest all identified vulnerabilities - Regression checks - Verify fixes don't introduce new issues ## Phase 8: Documentation **Agents:** `technical-writer` - Security audit report - Compliance documentation - Security best practices guide ## Phase 9: Compliance Check **Agents:** `security-auditor` Standards: - OWASP Top 10 - GDPR (if applicable) - SOC2 (if applicable) - HIPAA (if applicable) ## Success Criteria - [ ] All critical vulnerabilities fixed - [ ] All high vulnerabilities fixed - [ ] Compliance requirements met - [ ] Security tests pass ## Severity Levels | Level | Response Time | Examples | |-------|---------------|----------| | Critical | Immediate | RCE, auth bypass, data breach | | High | 24-48h | SQL injection, privilege escalation | | Medium | 1 week | XSS, CSRF, information disclosure | | Low | Next sprint | Best practice violations |
Related Skills
We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.