security-audit: community AI agent skill (wm3_digital) for Claude Code, Cursor, Windsurf

v1.0.0

About this Skill

Perfect for Code Review Agents needing comprehensive security audit capabilities against OWASP Top 10 vulnerabilities. Official WM3 landing page, created to consolidate the agency's repositioning in the digital market. It centralizes all links, services and projects in a single strategic hub, reflecting the brand's new phase and the integration of automation and AI solutions.

duhenri9
Updated: 3/5/2026

Agent Capability Analysis

The security-audit skill by duhenri9 is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Perfect for Code Review Agents needing comprehensive security audit capabilities against OWASP Top 10 vulnerabilities.

Core Value

Helps agents identify and mitigate security risks by checking for parameterized SQL queries, password hashing with bcrypt or argon2, encryption of data at rest, and TLS for data in transit.

Capabilities Granted for security-audit

Performing security audits on web applications
Identifying injection vulnerabilities in SQL queries
Enforcing secure authentication and authorization practices

Prerequisites & Limits

  • Requires access to codebase for review
  • Limited to OWASP Top 10 checklist
  • May require additional configuration for custom security protocols

SKILL.md

Security Audit

When to Use

Use this skill when reviewing code for security or performing security audits.

OWASP Top 10 Checklist

1. Injection

  • SQL queries use parameterized statements
  • OS commands avoid user input
  • LDAP queries are sanitized

2. Broken Authentication

  • Passwords hashed with bcrypt/argon2
  • Session tokens are secure random
  • MFA available for sensitive operations

3. Sensitive Data Exposure

  • Data encrypted at rest
  • TLS for data in transit
  • Secrets not in code/logs

4. XML External Entities (XXE)

  • XML parsing disables external entities
  • JSON preferred over XML

5. Broken Access Control

  • Authorization checked on every request
  • Direct object references validated
  • CORS configured correctly

6. Security Misconfiguration

  • Debug mode disabled in production
  • Default credentials changed
  • Security headers set

7. Cross-Site Scripting (XSS)

  • Output encoding applied
  • Content Security Policy set
  • Input validation present

8. Insecure Deserialization

  • User input not deserialized directly
  • Integrity checks on serialized data

9. Using Components with Known Vulnerabilities

  • Dependencies up to date
  • Vulnerability scanning in CI
  • SBOM maintained

10. Insufficient Logging & Monitoring

  • Security events logged
  • Logs don't contain sensitive data
  • Alerting configured

Report Format

```markdown
## Security Audit: [Component]

### Scope
[What was reviewed]

### Findings
| ID | Severity | Issue | Remediation |
|----|----------|-------|-------------|
| S1 | Critical | [Issue] | [Fix] |

### Recommendations
1. [Priority recommendation]
2. [Secondary recommendation]
```
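
As an added example (not part of the skill or its repository), the sketch below automates the first item of checklist section 1, "SQL queries use parameterized statements", for Python source and emits the result in the report layout above. The function names, the sample source and the fixed Critical severity are assumptions made for illustration.

```python
import ast

# Constructed sample source to audit (not from any real project).
SAMPLE = '''
def get_user(cur, name):
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")

def get_order(cur, oid):
    cur.execute("SELECT * FROM orders WHERE id = %s", (oid,))

def search(cur, term):
    cur.execute("SELECT * FROM items WHERE title LIKE '%" + term + "%'")
'''

def find_dynamic_sql(source):
    """Return sorted (line, reason) pairs for execute() calls whose query
    text is assembled from variables instead of being a constant string."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany") and node.args):
            continue
        q = node.args[0]  # first positional argument is the query text
        if isinstance(q, ast.JoinedStr) and any(
                isinstance(v, ast.FormattedValue) for v in q.values):
            hits.append((node.lineno, "f-string interpolation"))
        elif isinstance(q, ast.BinOp) and isinstance(q.op, (ast.Add, ast.Mod)):
            hits.append((node.lineno, "concatenation or % formatting"))
        elif (isinstance(q, ast.Call) and isinstance(q.func, ast.Attribute)
                and q.func.attr == "format"):
            hits.append((node.lineno, "str.format"))
    return sorted(hits)

def render_report(component, scope, hits):
    """Render findings in the report layout. Severity is fixed to Critical
    here as an assumption; a reviewer would triage each finding."""
    rows = []
    for i, (line, why) in enumerate(hits, 1):
        issue = f"SQL built by {why} at line {line}"
        rows.append(f"| S{i} | Critical | {issue} | Use a parameterized statement |")
    return "\n".join([f"## Security Audit: {component}", "", "### Scope", scope, "",
                      "### Findings", "| ID | Severity | Issue | Remediation |",
                      "|----|----------|-------|-------------|", *rows])

if __name__ == "__main__":
    print(render_report("sample module", "SQL call sites", find_dynamic_sql(SAMPLE)))
```

The parameterized call in `get_order` is not reported because its query is a constant string with the value passed separately; a query built in a variable before the `execute()` call is outside what this sketch detects.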

FAQ & Installation Steps

Frequently Asked Questions

What is security-audit?

Perfect for Code Review Agents needing comprehensive security audit capabilities against OWASP Top 10 vulnerabilities. Official WM3 landing page, created to consolidate the agency's repositioning in the digital market. It centralizes all links, services and projects in a single strategic hub, reflecting the brand's new phase and the integration of automation and AI solutions.

How do I install security-audit?

Run the command: npx killer-skills add duhenri9/wm3_digital/security-audit. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for security-audit?

Key use cases include: Performing security audits on web applications, Identifying injection vulnerabilities in SQL queries, Enforcing secure authentication and authorization practices.

Which IDEs are compatible with security-audit?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for security-audit?

Requires access to codebase for review. Limited to OWASP Top 10 checklist. May require additional configuration for custom security protocols.

How To Install

  1. Open your terminal

    Open the terminal or command line in your project directory.

  2. Run the install command

    Run: npx killer-skills add duhenri9/wm3_digital/security-audit. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. Start using the skill

    The skill is now active. Your AI agent can use security-audit immediately in the current project.
