name: security-audit description: Security auditing and vulnerability assessment specialist. Use when conducting security reviews, analyzing code for vulnerabilities, performing OWASP assessments, or creating security audit reports. author: Joseph OBrien status: unpublished updated: '2025-12-23' version: 1.0.1 tag: skill type: skill

Security Audit Skill

Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.

What This Skill Does

• Conducts security code reviews
• Identifies vulnerabilities (CVSS scoring)
• Performs OWASP Top 10 assessments
• Audits authentication/authorization
• Reviews data protection controls
• Analyzes dependency vulnerabilities
• Creates remediation roadmaps

When to Use

• Security reviews before release
• Compliance audits
• Penetration test preparation
• Incident response analysis
• Dependency vulnerability assessment

Reference Files

• references/SECURITY_AUDIT.template.md - Comprehensive security audit report format
• references/owasp_checklist.md - OWASP Top 10 checklist with CVSS scoring and CWE references

Workflow

1. Define scope and methodology
2. Perform static/dynamic analysis
3. Document findings by severity
4. Map to OWASP categories
5. Create remediation roadmap
6. Verify fixes

Output Format

Security findings should include:

• Severity (Critical/High/Medium/Low)
• CVSS score and vector
• CWE classification
• Proof of concept
• Remediation steps