Install: claude install-skill eugenelim/agent-ready-repo
# Skill: security-checklists
This skill is the **depth library** behind the `security-reviewer` agent. The
reviewer's body carries the *universal method* (the three-bucket delegation
rule, load-context-first, the always-on STRIDE + LINDDUN open pass, the
established-helper-bypass meta-check, the severity rubric, the honest-limits
footer, the output format). The *shape-specific depth* — what to actually
check at each trust boundary — lives here, in ten `references/<module>.md`
modules, so the agent prompt stays lean and the depth scales without bloat.
## How it loads (orchestrator-driven, not self-discovered)
**The orchestrator drives loading; the subagent does not.** There is no
mechanism to force a subagent to invoke a skill, skill discovery is
model-invoked and adapter-variable, and the `security-reviewer`'s `tools:`
list does not even include a Skill tool. So depth must not depend on the
reviewer finding this library itself.
Concretely, at the work-loop's security-review step (and at the pre-EXECUTE
spec-stage pass), the orchestrator:
1. Detects which **trust boundaries** the diff or spec crosses.
2. Loads **only the matching modules** via the deterministic
   boundary→module routing table in `work-loop/SKILL.md`.
3. **Inlines the selected modules' content** into the `security-reviewer`
   subagent's brief — so the reviewer receives a focused ~30-item checklist
   as prompt text, never a path to resolve.
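
The three steps above, as an added Python example that is not the project's own code. The boundary names, path globs, routing entries and module bodies are hypothetical stand-ins for the real table in `work-loop/SKILL.md` and the `references/<module>.md` files, and failing closed on an unrouted boundary or an unloaded module is an assumption.

```python
from fnmatch import fnmatchcase

# All names below are hypothetical stand-ins, not the project's real table or modules.
BOUNDARY_PATTERNS = [            # path glob -> trust boundary
    ("*/auth/*", "authn-session"),
    ("*.sql", "database"),
    ("*/handlers/*", "http-input"),
]
ROUTING = {                      # boundary -> module names (deterministic lookup)
    "authn-session": ["authn"],
    "database": ["injection"],
    "http-input": ["injection", "input-validation"],
}
MODULES = {                      # constructed bodies standing in for references/<module>.md
    "authn": "- Session tokens are rotated on privilege change.",
    "injection": "- Queries use bound parameters, never string concatenation.",
    "input-validation": "- Request bodies are validated against a schema.",
}


def detect_boundaries(changed_paths):
    """Step 1: return the trust boundaries the changed paths cross, sorted."""
    hits = {b for p in changed_paths for glob, b in BOUNDARY_PATTERNS if fnmatchcase(p, glob)}
    return sorted(hits)


def select_modules(boundaries, routing=ROUTING):
    """Step 2: map boundaries to modules, de-duplicated, in a stable order."""
    selected = []
    for boundary in boundaries:
        if boundary not in routing:
            # Fail closed: an unrouted boundary must not silently lose its depth.
            raise KeyError(f"no routing entry for boundary {boundary!r}")
        for name in routing[boundary]:
            if name not in selected:
                selected.append(name)
    return selected


def build_brief(changed_paths, modules=MODULES):
    """Step 3: inline module text into the brief; the reviewer never gets a path."""
    names = select_modules(detect_boundaries(changed_paths))
    missing = [n for n in names if n not in modules]
    if missing:
        raise FileNotFoundError(f"selected modules not loaded: {missing}")
    sections = [f"## Checklist: {n}\n{modules[n]}" for n in names]
    return "\n\n".join(sections)
```
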
Where an adapter *does* support subagent skill auto-discovery,