security-audit
Professional security audit skill for web apps and APIs with structured severity-based findings and remediation plans.
skill install https://www.promptspace.in/skills/security-auditWhat it does
The Security Audit skill provides a professional-grade framework for reviewing web applications, backend services, and APIs for critical security vulnerabilities. It systematically analyzes entry points, trust boundaries, and data paths to identify risks across authentication, session management, input validation, and infrastructure configuration.
Why use this skill
Unlike generic AI prompts that may provide speculative or vague security advice, this skill follows a structured commercial methodology. It focuses on defensible, high-impact risks rather than noise. It automates the "red-teaming" mindset to find insecure defaults and missing hardening steps that developers often overlook during standard code reviews.
Supported tools
- Claude Code
- Codex
- OpenCode
What the output looks like
You receive a structured security report categorized by severity. Each finding includes a concise risk statement, specific evidence from your codebase, and a concrete, actionable remediation plan to fix the vulnerability immediately.
Key coverage areas
- Authentication and Authorization flows
- Input validation and Output safety (XSS/SQLi prevention)
- Dependency hygiene and configuration hardening
- API transport security and exposure
Use cases
- Identify vulnerabilities across app entry points and trust boundaries
- Classify security risks using structured severity-based ratings
- Generate detailed remediation plans for authentication and session flaws
- Audit API endpoints for common input validation and configuration errors
Example
Prompt
Sample output preview is available after purchase.
Known limitations
- Limited to static analysis; cannot perform dynamic runtime fuzzing. - Cannot detect logic flaws in third-party compiled binaries. - Effectiveness depends on access to full source context.