security-audit
Install: claude install-skill aiskillstore/marketplace
# Security Audit Skill
Detect common security vulnerabilities during code review and development. Based on OWASP guidelines and common vulnerability patterns.
## Design Principle
This skill is **framework-generic**. It provides universal security patterns:
- Covers OWASP Top 10 and common CWEs
- Works with Python, TypeScript, and other languages
- Project-specific security requirements go in project-specific skills
## Variables
| Variable | Default | Description |
|----------|---------|-------------|
| SEVERITY_THRESHOLD | medium | Minimum severity to report |
| SCAN_DEPTH | 3 | Directory depth for scanning |
| INCLUDE_TESTS | false | Include test files in scan |
## Instructions
**MANDATORY** - Follow the Workflow steps below in order.
1. Identify security-sensitive code areas
2. Check for common vulnerability patterns
3. Report findings with severity
4. Suggest remediation
## Red Flags - STOP and Reconsider
If you're about to:
- Write SQL with string concatenation
- Use bare `except:` blocks
- Execute shell commands with user input
- Store secrets in code
- Disable security features "temporarily"
**STOP** -> Use parameterized queries -> Add specific exception handling -> Then proceed
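As an added example (not the skill's own code, which lives in the cookbook files), a minimal Python AST checker that flags three of the red flags above and applies the SEVERITY_THRESHOLD filter from the Variables table; the rule set, the severities and the `audit` function are assumptions, and the sample under review is constructed.

```python
import ast
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SQL_VERBS = ("SELECT ", "INSERT ", "UPDATE ", "DELETE ")

def _is_sql_literal(node):
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value.lstrip().upper().startswith(SQL_VERBS))

class _RedFlagVisitor(ast.NodeVisitor):
    """Collects (line, severity, message) for each red-flag pattern found."""
    def __init__(self):
        self.findings = []

    def visit_ExceptHandler(self, node):
        if node.type is None:  # `except:` with no exception type
            self.findings.append((node.lineno, "medium", "bare except swallows all errors"))
        self.generic_visit(node)

    def visit_BinOp(self, node):  # "SELECT ..." + user_input
        if isinstance(node.op, ast.Add) and _is_sql_literal(node.left):
            self.findings.append((node.lineno, "high", "SQL built by string concatenation"))
        self.generic_visit(node)

    def visit_JoinedStr(self, node):  # f"SELECT ... {user_input}"
        if node.values and _is_sql_literal(node.values[0]):
            self.findings.append((node.lineno, "high", "SQL built by f-string interpolation"))
        self.generic_visit(node)

    def visit_Call(self, node):  # subprocess.<func>(..., shell=True)
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) and f.value.id == "subprocess":
            if any(k.arg == "shell" and getattr(k.value, "value", None) is True for k in node.keywords):
                self.findings.append((node.lineno, "critical", "subprocess call with shell=True"))
        self.generic_visit(node)

def audit(source, severity_threshold="medium"):
    """Parse Python source; return findings at or above the threshold, ordered by line."""
    visitor = _RedFlagVisitor()
    visitor.visit(ast.parse(source))
    floor = SEVERITY_RANK[severity_threshold]
    return sorted(f for f in visitor.findings if SEVERITY_RANK[f[1]] >= floor)

# Constructed sample under review: three red flags and one correctly parameterized query (line 3).
SAMPLE = '''def lookup(conn, name):
    conn.execute("SELECT * FROM users WHERE name = '" + name + "'")
    conn.execute("SELECT * FROM users WHERE name = ?", (name,))
    try:
        subprocess.run("ls " + name, shell=True)
    except:
        pass
'''
```

The parameterized `execute` call on line 3 of the sample produces no finding, which is the behaviour the SQL red flag asks for.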
## Cookbook
### SQL Injection Prevention
- IF: Writing database queries
- THEN: Read and execute `./cookbook/sql-injection.md`
### Bare Except Handling
- IF: Writing exception handlers
- THEN: Read and execute `./cookbook/bare-except.md`
### Shell Injection Prevention
- IF: Execut