Overview
The Security Audit skill systematically scans code for security vulnerabilities, insecure patterns, and potential attack vectors based on OWASP guidelines and security best practices.
SKILL.md Template
---
name: security-audit
description: Perform security audits to identify vulnerabilities and compliance issues. Use when reviewing code security, preparing for audits, or assessing risk.
---
When auditing code security, check for:
## 1. Injection Vulnerabilities
### SQL Injection
- Parameterized queries used?
- ORM escaping properly configured?
- User input sanitized?
### XSS (Cross-Site Scripting)
- Output encoding implemented?
- Content Security Policy set?
- Dangerous innerHTML usage?
### Command Injection
- Shell commands use safe APIs?
- Input validation before exec?
## 2. Authentication & Authorization
- Password hashing (bcrypt, argon2)?
- Session management secure?
- JWT validation complete?
- RBAC properly implemented?
## 3. Data Protection
- Sensitive data encrypted at rest?
- TLS for data in transit?
- PII handling compliant?
- Secrets in environment variables?
## 4. Security Headers
- CORS properly configured?
- CSP headers set?
- HSTS enabled?
- X-Frame-Options set?
## 5. Dependencies
- Known vulnerabilities in deps?
- Dependencies up to date?
- Lockfile committed?
## Output Format
| Severity | Issue | Location | Recommendation |
|----------|-------|----------|----------------|
| Critical | SQL Injection | auth.js:45 | Use parameterized query |
## Severity Levels
- **Critical**: Immediate exploitation possible
- **High**: Significant risk, fix soon
- **Medium**: Should be addressed
- **Low**: Minor issue, best practice
Example Output
# Security Audit Report
**Project**: MyApp Backend
**Date**: 2024-01-15
**Scope**: Authentication & API modules
## Executive Summary
- **Critical Issues**: 2
- **High Issues**: 3
- **Medium Issues**: 5
- **Low Issues**: 8
## Critical Findings
### 1. SQL Injection in User Search
**Location**: `src/api/users.js:45`
**Risk**: Database compromise, data theft
```javascript
// VULNERABLE
const query = `SELECT * FROM users WHERE name = '${req.query.name}'`;
// FIXED
const query = 'SELECT * FROM users WHERE name = ?';
db.query(query, [req.query.name]);
2. Hardcoded API Key
Location: src/services/payment.js:12
Risk: Credential exposure, unauthorized access
// VULNERABLE
const API_KEY = 'sk_live_abc123...';
// FIXED
const API_KEY = process.env.PAYMENT_API_KEY;
High Findings
3. Missing Rate Limiting
Location: src/api/auth.js (login endpoint)
Risk: Brute force attacks
Recommendation: Implement rate limiting
const rateLimit = require('express-rate-limit');
app.use('/login', rateLimit({
windowMs: 15 * 60 * 1000,
max: 5
}));
Compliance Status
| Standard | Status | Notes |
|---|---|---|
| OWASP Top 10 | ⚠️ | 2 critical items |
| PCI DSS | ❌ | Logging insufficient |
| GDPR | ✅ | Data handling OK |
Recommendations Priority
- Fix SQL injection immediately
- Rotate exposed API key
- Implement rate limiting
- Add security headers
- Update vulnerable dependencies
## Usage
/security-audit src/api/
Or ask:
Check this authentication code for security issues
## Best Practices
- Run audits before major releases
- Combine with automated scanning tools
- Document and track findings
- Verify fixes don't introduce new issues