Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
Initial release of the security-reviewer skill.

- Provides a comprehensive framework for security code review, penetration testing, and infrastructure security analysis.
- Defines clear workflow steps: scoping, automated scans, manual review, active testing, severity rating, and reporting.
- Includes strict constraints and best practices for effective and responsible security assessments.
- Offers reference guides and output templates for producing actionable, detailed reports.
- Integrates knowledge from leading security tools and standards (OWASP Top 10, SAST tools, CVSS, CIS benchmarks, etc.).