security-audit

Perform a security audit of the codebase. Checks for OWASP Top 10, AI-specific vulnerabilities, dependency issues, and configuration problems.

Best use case

security-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using security-audit should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/security-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/yu-iskw/llmops-demo-ts/main/.claude/skills/security-audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-audit/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-audit Compares

| Feature / Agent | security-audit | Standard Approach |
| --- | --- | --- |
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Perform a security audit of the codebase. Checks for OWASP Top 10, AI-specific vulnerabilities, dependency issues, and configuration problems.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Audit

Perform a security audit with the following scope:

$ARGUMENTS

## Audit Methodology

### 1. Dependency Security

```bash
pnpm audit
```

Review all known vulnerabilities in dependencies.

### 2. Source Code Analysis

Scan for common vulnerability patterns:

- Hardcoded secrets (API keys, passwords, tokens)
- Command injection via string interpolation in Bash/exec calls
- XSS vectors in Vue.js templates (v-html usage)
- Prompt injection in AI agent inputs
- Insecure deserialization
- Information disclosure in error messages

### 3. AI Agent Security

Review the secure_agent pattern and verify:

- Input sanitization is applied before LLM processing
- Output sanitization prevents data leakage
- Tool calls are validated and scoped
- Prompt injection defenses are in place

### 4. Configuration Security

- No secrets in version control
- Proper .gitignore coverage
- CORS configuration
- Environment variable handling

## Output

Produce a security report with findings classified by severity:

- 🔴 Critical / 🟠 High / 🟡 Medium / 🔵 Low

Each finding includes: location, vulnerability, impact, and remediation steps.
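
An added example, not part of SKILL.md or the llmops-demo-ts repository: a line-based TypeScript pass over three of the patterns listed under "Source Code Analysis" (hardcoded secrets, interpolation in exec calls, v-html), returning findings in the shape described under "Output". The rule wording, severity assignments and sample input are assumptions made for illustration.

```typescript
// Added example. Rule wording, severities and SAMPLE are constructed assumptions.
type Severity = "Critical" | "High" | "Medium" | "Low";
interface Finding {
  location: string; // file:line
  vulnerability: string;
  severity: Severity;
  impact: string;
  remediation: string;
}
type Rule = Omit<Finding, "location"> & { pattern: RegExp };
const RULES: Rule[] = [
  { // exec()/execSync() given a template literal that interpolates a value
    pattern: /\bexec(Sync)?\s*\(\s*`[^`]*\$\{/,
    vulnerability: "Command injection via string interpolation", severity: "Critical",
    impact: "Interpolated input is parsed by the shell",
    remediation: "Call execFile/spawn with an argument array",
  },
  { // secret-looking name assigned a quoted literal of 8+ characters
    pattern: /(api[_-]?key|password|token|secret)\s*[:=]\s*["'][^"']{8,}["']/i,
    vulnerability: "Hardcoded secret", severity: "High",
    impact: "Credential is readable by anyone with repository access",
    remediation: "Load from an environment variable and rotate the value",
  },
  { // Vue directive that renders raw HTML
    pattern: /\bv-html\s*=/,
    vulnerability: "XSS vector (v-html)", severity: "Medium",
    impact: "Bound value is inserted as HTML without escaping",
    remediation: "Use text interpolation, or sanitize the HTML before binding",
  },
];
const ORDER: Severity[] = ["Critical", "High", "Medium", "Low"];
function scan(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((line, i) => {
    for (const { pattern, ...rest } of RULES) {
      if (pattern.test(line)) findings.push({ location: `${file}:${i + 1}`, ...rest });
    }
  });
  // Most severe first, matching the report's severity classification.
  return findings.sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
}

const SAMPLE = [ // constructed input, not taken from any real repository
  'const apiKey = "constructed-placeholder-value";',
  "execSync(`git log ${userBranch}`);",
  'execFile("git", ["log", userBranch]);', // argument array: not flagged
  '<div v-html="comment.body"></div>',
  "const token = process.env.API_TOKEN;", // read from environment: not flagged
].join("\n");
console.log(scan("sample.ts", SAMPLE));
```

Line-based regexes miss multi-line calls and produce false positives, so treat the output as a triage list to confirm by reading the code.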
