
security-review

Run a comprehensive security review on code
ItsProGamer974/oh-my-codex · ★ 1 · AI & Automation · score 63
Install: claude install-skill ItsProGamer974/oh-my-codex
# Security Review Skill

Conduct a thorough security audit checking for OWASP Top 10 vulnerabilities, hardcoded secrets, and unsafe patterns.

## When to Use

This skill activates when:

- User requests "security review", "security audit"
- After writing code that handles user input
- After adding new API endpoints
- After modifying authentication/authorization logic
- Before deploying to production
- After adding external dependencies

## What It Does

## GPT-5.4 Guidance Alignment

- Default to concise, evidence-dense progress and completion reporting unless the user or risk level requires more detail.
- Treat newer user task updates as local overrides for the active workflow branch while preserving earlier non-conflicting constraints.
- If correctness depends on additional inspection, retrieval, execution, or verification, keep using the relevant tools until the security review is grounded.
- Continue through clear, low-risk, reversible next steps automatically; ask only when the next step is materially branching, destructive, or preference-dependent.

Delegates to the `security-reviewer` agent (THOROUGH tier) for deep security analysis:

1. **OWASP Top 10 Scan**
   - A01: Broken Access Control
   - A02: Cryptographic Failures
   - A03: Injection (SQL, NoSQL, Command, XSS)
   - A04: Insecure Design
   - A05: Security Misconfiguration
   - A06: Vulnerable and Outdated Components
   - A07: Identification and Authentication Failures
   - A08: Software and Data Integrity Failur