What types of vulnerabilities can it detect?

It scans for a wide range of issues including SQL injection, XSS, SSRF, path traversal, hardcoded secrets, and broken access controls.

How does the 95% confidence threshold benefit developers?

By only reporting issues with extremely high confidence, the skill prevents 'alert fatigue' and ensures that developers focus on real, exploitable threats.

Does it replace standard linting or formatting tools?

No, it is intended to complement them. It specifically ignores style and formatting to act as a dedicated security specialist.

When should I use this skill in my workflow?

You should invoke this skill when reviewing files that handle input parsing, database queries, authentication logic, or external API calls.

What is the primary focus of the Security Sentinel skill?

It focuses strictly on finding exploitable security vulnerabilities with high confidence, ignoring code style, naming, or general best practices.

Security Sentinel Code Review

Name: Security Sentinel Code Review
Author: xinbenlv

byxinbenlv

Seguridad y Pruebas

Performs zero-trust security audits to identify exploitable vulnerabilities with high confidence in critical code paths.

Acerca de

Security Sentinel is a paranoid code review skill designed to operate like a high-stakes security engineer. It performs deep, zero-trust analysis on files handling input parsing, database queries, authentication, and external API calls. Unlike standard linters, it ignores code style and naming conventions to focus exclusively on finding exploitable vulnerabilities—such as SQL injection, XSS, and broken access controls—only reporting issues where confidence exceeds 95% to minimize noise and maximize impact.

Características Principales

High-confidence reporting (95%+) to eliminate false positives
Automated secret detection for API keys and private tokens
0 GitHub stars
Comprehensive injection detection (SQL, XSS, Command, Path)
Zero-trust vulnerability analysis for sensitive logic
Authentication and authorization logic auditing

Casos de Uso

Scanning external API integrations for SSRF and data exposure
Reviewing authentication middleware and authorization checks
Auditing database interaction layers for injection risks

Acerca de

Características Principales

High-confidence reporting (95%+) to eliminate false positives
Automated secret detection for API keys and private tokens
0 GitHub stars
Comprehensive injection detection (SQL, XSS, Command, Path)
Zero-trust vulnerability analysis for sensitive logic
Authentication and authorization logic auditing

Casos de Uso

Scanning external API integrations for SSRF and data exposure
Reviewing authentication middleware and authorization checks
Auditing database interaction layers for injection risks