Security Review
Invoked when code changes touch authentication, authorization, data handling, or external input processing. Also triggered during pre-release audits, dependency updates, or after a security incident. Ensures code does not introduce vulnerabilities from the OWASP Top 10 or expose secrets and sensitive data.
Read the full skill on GitHub. The site shows the first section; the canonical full content with all principles, examples, and rules lives in the repo.
What the full skill covers
- Micro-Skills
- Inputs
- Outputs
- Edge Cases
- Scope
- Guardrails
- Ask-When-Ambiguous
- Decision Criteria