Install: claude install-skill parcadei/Continuous-Claude-v3
# /security - Security Audit Workflow
Dedicated security analysis for sensitive code.
## When to Use
- "Security audit"
- "Check for vulnerabilities"
- "Is this secure?"
- "Review authentication code"
- "Check for injection attacks"
- Before handling auth, payments, user data
- After adding security-sensitive features
## Workflow Overview
```
┌─────────┐    ┌───────────┐
│  aegis  │───▶│  arbiter  │
│         │    │           │
└─────────┘    └───────────┘
  Security       Verify
  audit          fixes
```
## Agent Sequence
| # | Agent | Role | Output |
|---|-------|------|--------|
| 1 | **aegis** | Comprehensive security scan | Vulnerability report |
| 2 | **arbiter** | Verify fixes, run security tests | Verification report |
## Why Dedicated Security?
The `/review` workflow focuses on code quality. Security needs:
- Specialized vulnerability patterns
- Dependency scanning
- Secret detection
- OWASP Top 10 checks
- Authentication/authorization review
## Execution
### Phase 1: Security Audit
```
Task(
  subagent_type="aegis",
  prompt="""
Security audit: [SCOPE]
Scan for:
**Injection Attacks:**
- SQL injection
- Command injection
- XSS (Cross-Site Scripting)
- LDAP injection
**Authentication/Authorization:**
- Broken authentication
- Session management issues
- Privilege escalation
- Insecure direct object references
**Data Protection:**
- Sensitive data exposure
- Hardcoded secrets/credentials
- Insecure cryptography
- Miss