Agent Skills
› NeverSight/learn-skills.dev
› security-audit
security-audit
GitHub安全审计与漏洞评估专家,用于代码审查、OWASP Top 10 评估、依赖分析及生成修复路线图。
Trigger Scenarios
发布前安全审查
合规性审计
渗透测试准备
依赖漏洞评估
Install
npx skills add NeverSight/learn-skills.dev --skill security-audit -g -y
SKILL.md
Frontmatter
{
"tag": "skill",
"name": "security-audit",
"type": "skill",
"author": "Joseph OBrien",
"status": "unpublished",
"updated": "2025-12-23",
"version": "1.0.1",
"description": "Security auditing and vulnerability assessment specialist. Use when conducting security reviews, analyzing code for vulnerabilities, performing OWASP assessments, or creating security audit reports."
}
Security Audit Skill
Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.
What This Skill Does
- Conducts security code reviews
- Identifies vulnerabilities (CVSS scoring)
- Performs OWASP Top 10 assessments
- Audits authentication/authorization
- Reviews data protection controls
- Analyzes dependency vulnerabilities
- Creates remediation roadmaps
When to Use
- Security reviews before release
- Compliance audits
- Penetration test preparation
- Incident response analysis
- Dependency vulnerability assessment
Reference Files
references/SECURITY_AUDIT.template.md- Comprehensive security audit report formatreferences/owasp_checklist.md- OWASP Top 10 checklist with CVSS scoring and CWE references
Workflow
- Define scope and methodology
- Perform static/dynamic analysis
- Document findings by severity
- Map to OWASP categories
- Create remediation roadmap
- Verify fixes
Output Format
Security findings should include:
- Severity (Critical/High/Medium/Low)
- CVSS score and vector
- CWE classification
- Proof of concept
- Remediation steps
Version History
- e0220ca Current 2026-07-05 21:29


