audit

# Audit Skill

## Overview

The audit skill provides comprehensive on-demand security and code quality audits for your codebase. It identifies vulnerabilities, security issues, code smells, outdated dependencies, exposed secrets, and compliance problems across all supported technology stacks.

**When to Use**:
- Security audits and vulnerability scans
- Pre-deployment security checks
- Compliance verification (GDPR, HIPAA, SOC2)
- Code quality assessment
- Dependency vulnerability scanning
- Secret exposure detection
- Third-party license compliance

**Technology Coverage**:
- React/TypeScript/JavaScript projects
- Go applications
- Rust projects
- Python codebases
- Full-stack applications
- Monorepos and microservices

## Audit Categories

### 1. Security Vulnerabilities (OWASP Top 10)

**What Gets Checked**:
- SQL injection vulnerabilities
- Cross-site scripting (XSS)
- Authentication and session management flaws
- Security misconfigurations
- Sensitive data exposure
- XML external entities (XXE)
- Broken access control
- Cross-site request forgery (CSRF)
- Using components with known vulnerabilities
- Insufficient logging and monitoring

**Detection Methods**:
- Static code analysis
- Pattern matching for common vulnerabilities
- Framework-specific security checks
- API endpoint security validation
- Input validation analysis

### 2. Dependency Vulnerabilities

**What Gets Checked**:
- Outdated packages with known CVEs
- Unmaintained dependencies
- License compatibility issues
- Transitive dependency risks
- Version conflicts

**Package Managers Supported**:
- npm/yarn/pnpm (JavaScript/TypeScript)
- go.mod (Go)
- Cargo.toml (Rust)
- requirements.txt/pyproject.toml (Python)
- Gemfile (Ruby)

**Tools Used**:
- `npm audit` / `yarn audit` / `pnpm audit`
- `go mod verify` + vulnerability databases
- `cargo audit`
- `pip-audit` / `safety`

### 3. Exposed Secrets and Credentials

**What Gets Detected**:
- Hardcoded API keys and tokens
- Database credentials
- Private k