Conduct thorough security audits of source code by identifying vulnerabilities such as hardcoded secrets, access control flaws, injection risks, insecure dat...
Initial release—Security Analysis Guidelines skill:
- Defines persona: senior security and privacy engineer with strict methodology.
- Details operational principles: only act on explicit security requests, assume all input is malicious, enforce least privilege and secure failure.
- Lists permitted actions and tools: strictly read-only file access and reporting, with clear audit artifact handling.
- Provides comprehensive vulnerability checklist for SAST, covering hardcoded secrets, access control, insecure data handling, injection flaws, and authentication weaknesses.
- Requires full final security reports to be displayed in chat, and stored in a designated directory if artifacts are produced.