ReddRadar
Agent skill
workflow-security-audit
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/workflow-security-audit
SKILL.md
Security Audit Workflow
Comprehensive security assessment process.
Phase 1: Threat Assessment
Agents: security-auditor
Scope:
- Authentication & authorization
- Data protection
- API security
- Dependency vulnerabilities
- Infrastructure security
Output: Threat model, risk assessment, priority list
Phase 2: Automated Scanning
Agents: security-auditor
Tools to run:
- Dependency check (npm audit, pip-audit, cargo audit)
- Static analysis (semgrep, bandit, etc.)
- Secret scanning (trufflehog, gitleaks)
Output: Vulnerability report with severity ratings
Phase 3: Manual Code Review
Agents: security-auditor
Focus areas:
- Input validation
- Output encoding
- Authentication logic
- Authorization checks
- Cryptography usage
- Session management
Phase 4: Penetration Testing
Agents: security-auditor
Test for:
- SQL injection
- XSS attacks
- CSRF attacks
- Authentication bypass
- Privilege escalation
Phase 5: Remediation Planning
Agents: requirements-analyst
- Create fix tasks from vulnerability report
- Prioritize by severity
- Estimate timeline
- Allocate resources
Phase 6: Fix Implementation
Blocking: Validation required before proceeding
Phase 7: Security Validation
Agents: security-auditor
- Retest all identified vulnerabilities
- Regression checks
- Verify fixes don't introduce new issues
Phase 8: Documentation
Agents: technical-writer
- Security audit report
- Compliance documentation
- Security best practices guide
Phase 9: Compliance Check
Agents: security-auditor
Standards:
- OWASP Top 10
- GDPR (if applicable)
- SOC2 (if applicable)
- HIPAA (if applicable)
Success Criteria
- All critical vulnerabilities fixed
- All high vulnerabilities fixed
- Compliance requirements met
- Security tests pass
Severity Levels
| Level | Response Time | Examples |
|---|---|---|
| Critical | Immediate | RCE, auth bypass, data breach |
| High | 24-48h | SQL injection, privilege escalation |
| Medium | 1 week | XSS, CSRF, information disclosure |
| Low | Next sprint | Best practice violations |
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?