Does it help with AI-specific security concerns?

Absolutely. It reviews AI agent patterns to verify input/output sanitization, tool call scoping, and defenses against prompt injection.

How are the security findings presented?

Findings are organized into a report classified by severity (Critical, High, Medium, Low) including the location, impact, and remediation steps.

Does it check for outdated or vulnerable packages?

Yes, it uses built-in tools like 'pnpm audit' and grep to identify known vulnerabilities within your project's dependencies.

What types of vulnerabilities does this skill detect?

It identifies OWASP Top 10 issues, hardcoded secrets, command injection, XSS vectors, and specific AI risks like prompt injection.

Can I limit the scope of the security scan?

Yes, you can specify the scope as 'full', 'dependencies', 'ai-agents', or target specific file paths to focus the audit.

Security Audit & Vulnerability Scanning

Name: Security Audit & Vulnerability Scanning
Author: yu-iskw

byyu-iskw

•

安全与测试

Audits codebases for OWASP Top 10 vulnerabilities, AI-specific risks, and dependency security flaws.

This skill enables Claude to perform comprehensive security assessments across your codebase, focusing on both traditional web vulnerabilities and emerging AI-specific risks. It automates the detection of hardcoded secrets, injection vectors, and insecure dependency versions while providing a prioritized report with actionable remediation steps. It is particularly valuable for teams building LLM-integrated applications, as it includes specialized checks for prompt injection and AI-agent data leakage.

主要功能

01Source code analysis for OWASP Top 10 and common injection patterns

02Detection of hardcoded secrets, API keys, and configuration errors

03Prioritized reporting with severity levels and remediation guidance

04Automated dependency vulnerability scanning using native package managers

05Specialized security reviews for AI agent inputs, outputs, and tool calls

063 GitHub stars

使用场景

01Performing pre-deployment security reviews for production-ready code

02Auditing AI agent implementations for prompt injection and leakage risks

03Identifying and patching vulnerable third-party dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yu-iskw/software-development-team-plugin security-audit

For use in Claude.ai and ChatGPT

主要功能

01Source code analysis for OWASP Top 10 and common injection patterns

02Detection of hardcoded secrets, API keys, and configuration errors

03Prioritized reporting with severity levels and remediation guidance

04Automated dependency vulnerability scanning using native package managers

05Specialized security reviews for AI agent inputs, outputs, and tool calls

063 GitHub stars

使用场景

01Performing pre-deployment security reviews for production-ready code

02Auditing AI agent implementations for prompt injection and leakage risks

03Identifying and patching vulnerable third-party dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yu-iskw/software-development-team-plugin security-audit

For use in Claude.ai and ChatGPT