cybersecurity-audit

What problem does it solve?

This Skill helps you quickly identify security weaknesses across a codebase—covering web, API, LLM-specific threats, secrets, crypto, supply-chain CVEs, and common exploit chains—then organizes findings into a prioritized remediation plan.

Core Features & Use Cases

• OWASP Top 10 2025 (web): classifies issues by the most common real-world vulnerability families so findings map to actionable fixes.
• OWASP API Top 10: audits REST/GraphQL authorization, auth failures, mass assignment, rate limiting gaps, and SSRF-type API risks.
• OWASP LLM Top 10: checks prompt injection, sensitive disclosure, unsafe output handling, and excessive agent agency for AI-enabled apps.
• Injection & auth/crypto deep dives: runs targeted detection guidance for SQL/NoSQL/command/template injection, Broken Access Control patterns, JWT/session pitfalls, and crypto/secrets mistakes.
• Supply-chain via OSV.dev + native scanners: cross-checks dependency CVEs with OSV.dev and recommends ecosystem-native tooling.
• Produces categorized findings + remediation plan: prioritizes fixes by exploitability and blast radius, and outputs defensive-only, non-exploit guidance.

Quick Start

Ask the auditor to run a defensive vulnerability sweep over your repository and return categorized findings with file paths and a prioritized remediation checklist.