{"skill":{"slug":"code-security-review","displayName":"Code and System Security Review","summary":"Report only real risks, not manufactured panic. Covers injection, XSS, path traversal, insecure deserialization, authentication and authorization flaws, key...","description":"---\r\nname: code-security-review\r\ndescription: Report only real risks, not manufactured panic. Covers injection, XSS, path traversal, insecure deserialization, authentication and authorization flaws, key leaks, insecure logging, command execution, and other common vulnerabilities.\r\n---\r\n\r\n# Code and System Security Review\r\n\r\nReport only real risks, not manufactured panic.\r\n\r\n## Use Cases\r\n\r\nTriggers when users request a security review, code audit, security check, vulnerability analysis, security assessment, penetration test, or code scan.\r\n\r\n## Workflow\r\n\r\n1. Identify trust boundaries, user inputs, privileged operations, and sensitive data paths.\r\n2. Check for injection, path traversal, XSS, insecure deserialization, authentication and authorization flaws, key leaks, insecure logging, and command execution issues.\r\n3. Assess both exploitability and impact scope; do not exaggerate low-confidence issues.\r\n4. Mark each risk with a clear severity level: critical, high, medium, low.\r\n5. Provide directly actionable remediation recommendations; prioritize providing code patches when possible.\r\n6. If the risk cannot be fully closed in this round, explain the residual risk and subsequent checkpoints.\r\n\r\n## Output Format\r\n\r\nFor each risk point, output:\r\n\r\n- **Risk Point**: Brief description of the issue's location and nature\r\n- **Risk Level**: critical | high | medium | low\r\n- **Impact Description**: Actual consequences if exploited\r\n- **Remediation Plan**: Specific, actionable steps to fix the issue\r\n- **Patch**: A code diff that can be directly applied (prioritize providing this)\r\n\r\nWhen no risks are found, output a brief confirmation and do not fabricate issues.\r\n\r\n## Common Vulnerability Checklist\r\n\r\nSee [references/checklist.md](references/checklist.md) for details, covering the OWASP Top 10 and common attack surfaces.","tags":{"latest":"1.0.1"},"stats":{"comments":0,"downloads":387,"installsAllTime":2,"installsCurrent":2,"stars":0,"versions":2},"createdAt":1778379947392,"updatedAt":1780022787800},"latestVersion":{"version":"1.0.1","createdAt":1780022787800,"changelog":"Version 1.0.1 of code-security-review\n\n- No file changes detected in this version.\n- No updates or modifications to features, workflow, or documentation.\n- Functionality and user experience remain unchanged.","license":"MIT-0"},"metadata":null,"owner":{"handle":"openlark","userId":"s1727wv2g20pc729snzcm4nf8183hy72","displayName":"OpenLark","image":"https://avatars.githubusercontent.com/u/260858787?v=4"},"moderation":null}
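As an added example that is not part of the skill file or of the OpenLark project, the Python below walks one finding through the workflow and output format described in the record above: a path-traversal bug in a hypothetical file-serving function (`serve_file_unsafe`), its hardened replacement (`serve_file_safe`), a severity judgement based on exploitability and impact, and the finding rendered with the five fields the skill asks for, including a unified diff as the patch. All function names, the directory layout and the file contents are constructed for this example.

```python
"""Worked review finding: path traversal in a constructed file-serving helper.

Added example, not the skill's own code. Everything here (function names,
directory layout, file contents) is invented for illustration.
"""
import difflib
import inspect
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path


def serve_file_unsafe(base_dir: str, user_path: str) -> bytes:
    """Before: untrusted input is joined onto base_dir with no containment check.

    os.path.join discards base_dir entirely when user_path is absolute, and keeps
    '..' segments, so '../secret.txt' or an absolute path escapes base_dir.
    """
    return Path(os.path.join(base_dir, user_path)).read_bytes()


def serve_file_safe(base_dir: str, user_path: str) -> bytes:
    """After: resolve symlinks and '..', then require the result to sit under base_dir."""
    root = Path(base_dir).resolve()
    target = (root / user_path).resolve()   # absolute user_path replaces root here, too
    if root not in target.parents:          # also rejects target == root (a directory)
        raise PermissionError(f"{user_path!r} resolves outside {root}")
    return target.read_bytes()


@dataclass
class Finding:
    """One entry in the skill's output format."""
    risk_point: str
    risk_level: str          # critical | high | medium | low
    impact: str
    remediation: str
    patch: str

    def render(self) -> str:
        return "\n".join([
            f"- **Risk Point**: {self.risk_point}",
            f"- **Risk Level**: {self.risk_level}",
            f"- **Impact Description**: {self.impact}",
            f"- **Remediation Plan**: {self.remediation}",
            "- **Patch**:",
            self.patch.rstrip("\n"),
        ])


def review_path_traversal() -> Finding:
    """Workflow steps 1-5 applied to serve_file_unsafe (user input -> filesystem)."""
    try:
        before = inspect.getsource(serve_file_unsafe).splitlines(keepends=True)
        after = inspect.getsource(serve_file_safe).splitlines(keepends=True)
        patch = "".join(difflib.unified_diff(before, after, "a/files.py", "b/files.py"))
    except OSError:                          # source not on disk (e.g. run via exec)
        patch = "(source unavailable; see serve_file_safe for the fixed version)"
    return Finding(
        risk_point="serve_file_unsafe: user-controlled path joined onto base_dir "
                   "without a containment check (path traversal, CWE-22)",
        # high: reachable from untrusted input, no auth step in between, reads any
        # file the process can open; not critical because it is read-only access.
        risk_level="high",
        impact="Arbitrary file read as the service user: '../' segments or an absolute "
               "path return files outside the intended directory (config, keys, source).",
        remediation="Resolve the joined path and reject it unless base_dir is one of its "
                    "parents; this handles '..', absolute inputs and symlinks alike.",
        patch=patch,
    )


def demo() -> dict:
    """Constructed layout: <tmp>/public/index.html is served; <tmp>/secret.txt must not be."""
    with tempfile.TemporaryDirectory() as tmp:
        public = Path(tmp, "public")
        public.mkdir()
        (public / "index.html").write_bytes(b"<h1>hi</h1>")
        secret = Path(tmp, "secret.txt")
        secret.write_bytes(b"api-key")

        leaked = serve_file_unsafe(str(public), "../secret.txt")   # escapes base_dir
        results = {"unsafe_leaked": leaked}
        for label, attempt in (("safe_blocked", "../secret.txt"),
                               ("safe_blocked_abs", str(secret))):
            try:
                serve_file_safe(str(public), attempt)
                results[label] = False
            except PermissionError:
                results[label] = True
        results["safe_served"] = serve_file_safe(str(public), "index.html")
    return results


if __name__ == "__main__":
    print(demo())
    print(review_path_traversal().render())
```

The containment test compares fully resolved paths rather than string prefixes, so `base_dir` being `/srv/app` does not accidentally admit `/srv/app2/...`, and a symlink inside the served directory that points outside it is rejected as well.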