Can it help with OWASP security compliance?

Yes, its Phase 3 checklist specifically targets common security risks like Injection, CSRF, IDOR, and sensitive information disclosure.

How does it analyze my local changes?

It uses git commands to fetch the full diff between your current branch and the default branch, ensuring every modified line is audited.

What types of issues does the Find Bugs skill prioritize?

The skill prioritizes security vulnerabilities (like injection and XSS) and functional bugs over stylistic or formatting issues.

Is this skill suitable for large codebases?

Yes, it includes a verification phase that reads surrounding context to ensure that reported issues are real and not already handled elsewhere.

Does this skill automatically change my code?

No, it is designed to report findings and provide fix suggestions, allowing the developer to make the final decision on implementation.

Find Bugs & Security Auditor

Name: Find Bugs & Security Auditor
Author: getsentry

bygetsentry

•

115

セキュリティとテスト

Audits local branch changes for security vulnerabilities, logical bugs, and critical code quality issues.

概要

This skill acts as a methodical security auditor and bug hunter for your local development branch, following a rigorous five-phase process to identify high-impact flaws. It begins by mapping the attack surface of your changes—identifying user inputs, database queries, and authentication checks—before running a comprehensive security checklist covering vulnerabilities like SQL injection, XSS, and broken access control. Designed for developers who need more than a linter, it prioritizes critical security risks and functional bugs over stylistic preferences, providing actionable fix suggestions and concrete evidence for every issue found.

主な機能

Structured reporting with severity levels and concrete fix suggestions
115 GitHub stars
Comprehensive security checklist based on OWASP standards
Automated attack surface mapping for user-facing inputs and queries
False-positive verification by checking surrounding context and tests
Methodical diff analysis ensuring every changed line is reviewed

ユースケース

Reviewing authentication and authorization logic for new API endpoints
Conducting a pre-PR security audit to catch vulnerabilities before code review
Identifying logical edge cases and race conditions in complex feature updates

概要

主な機能

Structured reporting with severity levels and concrete fix suggestions
115 GitHub stars
Comprehensive security checklist based on OWASP standards
Automated attack surface mapping for user-facing inputs and queries
False-positive verification by checking surrounding context and tests
Methodical diff analysis ensuring every changed line is reviewed

ユースケース

Reviewing authentication and authorization logic for new API endpoints
Conducting a pre-PR security audit to catch vulnerabilities before code review
Identifying logical edge cases and race conditions in complex feature updates