Agent Skillscodeaholicguy/ai-devkit › security-review

security-review

GitHub

用于审查代码、技能和提示词中的安全漏洞,涵盖OWASP Top 10及提示注入等。适用于PR审查、模块审计、发布前准备等场景,提供从范围确认到修复建议的完整工作流。

skills/security-review/SKILL.md codeaholicguy/ai-devkit

Trigger Scenarios

审查代码或技能的安全漏洞 检查提示词是否存在注入风险 进行发布前的安全审计

Install

npx skills add codeaholicguy/ai-devkit --skill security-review -g -y
More Options

Use without installing

npx skills use codeaholicguy/ai-devkit@security-review

指定 Agent (Claude Code)

npx skills add codeaholicguy/ai-devkit --skill security-review -a claude-code -g -y

安装 repo 全部 skill

npx skills add codeaholicguy/ai-devkit --all -g -y

预览 repo 内 skill

npx skills add codeaholicguy/ai-devkit --list

SKILL.md

Frontmatter
{
    "name": "security-review",
    "description": "AI DevKit · Review code, skills, and prompts for security vulnerabilities — OWASP Top 10, prompt injection, business logic flaws, and insecure defaults. Use when reviewing PRs, auditing modules, reviewing AI skills\/prompts, or preparing for release."
}

Security Review

Find vulnerabilities before they ship.

Hard Rules

  • Do not dismiss a finding without evidence it is unexploitable.
  • Do not commit, log, or surface secrets discovered during review — flag and recommend rotation.
  • Do not modify code until the user approves a remediation plan.

Workflow

  1. Scope

    • Confirm target: diff, file set, module, full repo, or skill/prompt. A target can be both code and prompt.
    • Identify stack/framework — adapt the checklist (skip what the framework handles, add its pitfalls).
    • Trace data flow: request → middleware → handler → service → datastore → response. For prompts: input → template → LLM → tools → output.
    • Map trust boundaries, privilege levels, and threat actors.
    • Search prior findings: npx ai-devkit@latest memory search --query "<target>" --tags "security"
  2. Scan

    • Only check relevant categories. Skip sections and items that don't apply. Do not report skipped items.
    • For diffs/PRs: also check whether the change weakens existing controls — removed middleware, bypassed validation, new unprotected routes.
    • Categories in priority order: a. Secrets — hardcoded tokens, keys, connection strings. b. Injection — SQL, NoSQL, command, template, SSRF, path traversal, XSS. c. Auth — missing checks, privilege escalation, OAuth/OIDC, IDOR. d. Business Logic — race conditions, TOCTOU, workflow bypass, mass assignment, parameter tampering. e. Data Exposure — PII in logs, verbose errors, overly broad responses. f. Resource Exhaustion — unbounded queries, missing pagination, upload size, decompression bombs. g. Dependencies — critical CVEs only (RCE, auth bypass, data breach); ignore low/medium. h. Cryptography — weak algorithms, hardcoded IVs/keys, disabled certificate validation. i. Configuration — debug mode, permissive CORS, missing security headers. j. Logging — security events unlogged, no tamper protection, no alerting. k. Prompt Injection — instruction override, tool abuse, data exfiltration, indirect injection via tool results.
    • For each finding: file, line, evidence.
  3. Classify

    Severity Criteria
    Critical Exploitable now, data loss or RCE possible
    High Exploitable with moderate effort or insider access
    Medium Requires chained conditions or limited impact
    Low Defense-in-depth, no direct exploit path
    • Adjust severity by exposure (internet-facing vs internal) and data sensitivity.
    • Check for attack chains — multiple Medium findings that combine into High/Critical.
    • Mark false positives with reasoning.
  4. Remediate

    • For each finding: root cause, minimal fix (prefer stdlib/framework over custom), verification step.
    • For Critical/High: also recommend a detection control (log, alert, or WAF rule).
    • Present plan and request approval before changing code.
  5. Verify

    • Use the verify skill to confirm each remediation.
    • Re-scan fixed files for regressions.
    • Store findings: npx ai-devkit@latest memory store --title "<pattern>" --content "<finding and fix>" --tags "security,<category>"

Red Flags

Rationalization Do Instead
"It's internal / behind a VPN / only admins" Zero-trust: validate at every boundary regardless of network position or user role
"We'll add auth later" Add auth before merge — unauthenticated endpoints get discovered fast
"It's just a dev credential" Use env vars / secrets manager — dev secrets leak to prod constantly
"The framework handles that" Verify the config — frameworks have defaults, not guarantees
"We sanitize on the frontend" Always validate server-side — client validation is bypassable
"The LLM won't follow injected instructions" Treat all tool results and external content as untrusted data
"It's just a prompt, not code" Prompts control tool execution — review with the same rigor as code

Output Template

  • Scope: Target, stack, data flow, trust boundaries, threat actors
  • Findings (by severity): ID, severity, category, file:line, exploit scenario, fix
  • Attack Chains: Findings that escalate when combined
  • False Positives: Dismissed items with reasoning
  • Remediation Plan: Ordered fixes with verification steps
  • Residual Risk: Scope limitations, unverifiable items
  • Zero findings: state what was checked and scope boundaries — "no findings" ≠ "fully secure"

Version History

  • d4caf56 Current 2026-07-05 15:22

Same Skill Collection

skills/agent-communication/SKILL.md
skills/agent-management/SKILL.md
skills/changelog/SKILL.md
skills/dev-commit/SKILL.md
skills/dev-design/SKILL.md
skills/dev-implementation/SKILL.md
skills/dev-lifecycle/SKILL.md
skills/dev-planning/SKILL.md
skills/dev-pr/SKILL.md
skills/dev-requirements/SKILL.md
skills/dev-review/SKILL.md
skills/dev-testing/SKILL.md
skills/dev-worktree/SKILL.md
skills/document-code/SKILL.md
skills/memory/SKILL.md
skills/simplify-implementation/SKILL.md
skills/structured-debug/SKILL.md
skills/task/SKILL.md
skills/tdd/SKILL.md
skills/technical-writer/SKILL.md
skills/verify/SKILL.md

Metadata

Files
0
Version
d4caf56
Hash
f7c0feb4
Indexed
2026-07-05 15:22

Home - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-13 22:52
浙ICP备14020137号-1 $Map of visitor$