Security Auditor
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Why this rating
Deterministic checks driven by the skill's declared capabilities and the evidence cited below.
- Locality: Local
Skill content is a checklist/reporting workflow for code audits.
- Data access: Sensitive
Targets auth files, `.env*`, API routes, and other security-critical code paths.
- Action surface: Read
Produces findings and mitigations without directly changing systems.
Best practices
Follow these steps to reduce risk when using this skill.
- Run audits against a sanitized copy (credentials and secret values redacted) whenever findings will be shared outside the team.
- Prioritize fixing high-severity findings before adding new features.
- Re-run security tests after each remediation to verify risk reduction.
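As an added illustration of the three indicators above and of the sanitized-copy practice (example code written for this page, not the skill's own checklist): a read-only scan over the path classes the rating names (`.env*` files, auth code, API routes) that emits findings with mitigations, a content-hash check that proves nothing on disk was written, and a redaction step for findings that leave the team. The regex, the placeholder list, the fixed "high" severity, the mitigation wording and the fixture files are all assumptions made for this example.

```python
import hashlib
import re
import tempfile
from dataclasses import dataclass, replace
from pathlib import Path

# Heuristic for secret-looking assignments (an assumption for this example;
# a real checklist carries many more patterns).
SECRET_KEY_RE = re.compile(
    r'^\s*(?:export\s+)?'
    r'(?P<key>[A-Za-z_][A-Za-z0-9_]*(?:SECRET|PASSWORD|TOKEN|API_KEY)[A-Za-z0-9_]*)'
    r'\s*[=:]\s*["\']?(?P<val>[^"\'\s#]+)',
    re.IGNORECASE,
)
# Values that are placeholders rather than live credentials (assumed list).
PLACEHOLDERS = {"changeme", "xxx", "todo", "<redacted>", "your-key-here", "none"}


@dataclass(frozen=True)
class Finding:
    path: str        # path relative to the repo root
    line: int        # 1-based line number
    key: str         # variable or setting name
    value: str       # literal found on the line (redacted by sanitize_findings)
    severity: str
    mitigation: str


def is_target(rel: Path) -> bool:
    """Paths the audit reads: `.env*` files, auth code, and API route modules."""
    lowered = [p.lower() for p in rel.parts]
    return rel.name.startswith(".env") or any("auth" in p or p == "api" for p in lowered)


def fingerprint(root: Path) -> dict:
    """Content hash of every file; comparing before/after proves the audit wrote nothing."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def scan_repo(root: Path) -> list:
    """Read-only pass: returns Finding objects, never modifies the tree."""
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or not is_target(rel):
            continue
        with path.open("r", encoding="utf-8", errors="replace") as fh:  # opened read-only
            for lineno, line in enumerate(fh, start=1):
                m = SECRET_KEY_RE.match(line)
                if not m or m.group("val").lower() in PLACEHOLDERS:
                    continue
                if rel.name.startswith(".env"):
                    mitigation = "keep the file out of version control and rotate the value"
                else:
                    mitigation = "load the value from the environment or a secret manager, then rotate it"
                findings.append(Finding(rel.as_posix(), lineno, m.group("key"),
                                        m.group("val"), "high", mitigation))
    return findings


def sanitize_findings(findings: list) -> list:
    """Copy of the findings with secret literals redacted, for sharing outside the team."""
    return [replace(f, value=f"<redacted, {len(f.value)} chars>") for f in findings]


def build_sample_repo() -> Path:
    """Constructed fixture: one live secret in `.env`, one in auth code, one placeholder."""
    root = Path(tempfile.mkdtemp(prefix="audit-"))
    (root / "src" / "auth").mkdir(parents=True)
    (root / "src" / "api").mkdir(parents=True)
    (root / ".env").write_text("DB_PASSWORD=hunter2hunter2\nAPP_NAME=demo\nAPI_TOKEN=changeme\n")
    (root / "src" / "auth" / "login.py").write_text(
        'JWT_SECRET = "s3cr3t-signing-key-0001"\n\ndef login(user):\n    return user\n')
    (root / "src" / "api" / "routes.py").write_text('ROUTES = ["/users", "/login"]\n')
    (root / "README.md").write_text("PASSWORD=docs-example-not-scanned\n")  # not a target path
    return root


def run_audit() -> dict:
    """Audit the fixture and return the findings, their sanitized copy, and the no-write proof."""
    root = build_sample_repo()
    before = fingerprint(root)
    findings = scan_repo(root)
    after = fingerprint(root)
    return {"findings": findings, "sanitized": sanitize_findings(findings), "unchanged": before == after}


if __name__ == "__main__":
    result = run_audit()
    for f in result["sanitized"]:
        print(f"[{f.severity}] {f.path}:{f.line} {f.key} = {f.value}; fix: {f.mitigation}")
    print("repository unchanged:", result["unchanged"])
```

The fixture yields two findings (`DB_PASSWORD` in `.env` and `JWT_SECRET` in `src/auth/login.py`); the `API_TOKEN=changeme` line is skipped as a placeholder and `README.md` is never opened because it is outside the target path classes. The `fingerprint` comparison is the check a reviewer would want behind the "Action surface: Read" claim, and `sanitize_findings` is what should be run before the report leaves the team.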
Evidence links
Public sources backing the indicator assignments.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.