Security audit for code review and vulnerability analysis
psd401/psd-claude-coding-system
plugins/psd-claude-coding-system/skills/security-audit/SKILL.md
February 1, 2026
Install with: npx add-skill https://github.com/psd401/psd-claude-coding-system/blob/main/plugins/psd-claude-coding-system/skills/security-audit/SKILL.md -a claude-code --skill security-audit
# Security Audit Command (Wrapper)

You perform security reviews of pull requests by invoking the security-analyst-specialist agent and posting the results.

**PR Number:** $ARGUMENTS

**Note:** This command is automatically run by `/work` after PR creation. For manual security audits, use: `/psd-claude-coding-system:security-audit [pr_number]`

## Workflow

### Step 1: Invoke Security Analyst Agent

Use the Task tool to invoke security analysis:

- `subagent_type`: "psd-claude-coding-system:security-analyst-specialist"
- `description`: "Security audit for PR #$ARGUMENTS"
- `prompt`: "Perform comprehensive security audit on PR #$ARGUMENTS. Analyze all changed files for:

  1. **Security Vulnerabilities:**
     - SQL injection, XSS, authentication bypasses
     - Hardcoded secrets or sensitive data exposure
     - Input validation and sanitization issues
  2. **Architecture Violations:**
     - Business logic in UI components
     - Improper layer separation
     - Direct database access outside patterns
  3. **Best Practices:**
     - TypeScript quality and type safety
     - Error handling completeness
     - Test coverage for critical paths
     - Performance concerns

  Return structured findings in the specified format."

### Step 2: Post Consolidated Comment

The agent will return structured findings. Format and post as a single consolidated PR comment:

```bash
# Post the security review as a single comment
gh pr comment $ARGUMENTS --body "## Automated Security & Best Practices Review

[Format the agent's structured findings here]

### Summary
- Critical Issues: [count from agent]
- High Priority: [count from agent]
- Suggestions: [count from agent]

### Critical Issues (Must Fix Before Merge)
[Critical findings from agent with file:line, problem, fix, reference]

### High Priority (Should Fix Before Merge)
[High priority findings from agent]

### Suggestions (Consider for Improvement)
[Suggestions from agent]

### Positive Practices Observed
[Good practices noted by agent]

### Require
```
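The following POSIX shell script is an added example, not code from the psd-claude-coding-system skill or its agent. It shows one way to carry out Step 2 mechanically: render the agent's findings into the comment template above, derive the Summary counts from the findings themselves instead of trusting counts the agent reports, and hand the body to `gh pr comment` via `--body-file -`. The page never specifies the agent's "structured findings" format, so this example assumes one: one finding per line, tab-separated as `severity`, `file:line`, `problem`, `fix`, `reference`, with severity one of `critical`, `high`, `suggestion` or `positive`. The function names (`sample_findings`, `count_severity`, `render_section`, `render_review`, `post_review`) and the sample findings are constructed here for illustration.

```shell
#!/bin/sh
# Added example (not the skill's own code): render and post the consolidated
# security review comment from tab-separated findings.
# ASSUMED finding format (the page does not define one):
#   severity<TAB>file:line<TAB>problem<TAB>fix<TAB>reference
#   severity in: critical | high | suggestion | positive

# Constructed sample findings, standing in for the agent's output.
sample_findings() {
  printf 'critical\tsrc/db/users.ts:42\tSQL query built by string concatenation with request input\tUse a parameterised query\tCWE-89\n'
  printf 'high\tsrc/config.ts:7\tAPI key committed in source\tLoad it from the environment or a secret store\tCWE-798\n'
  printf 'suggestion\tsrc/ui/Form.tsx:88\tValidation logic lives in the UI component\tMove it to the service layer\tproject layering rules\n'
  printf 'positive\tsrc/api/auth.ts\tConsistent typed error handling on every request path\t-\t-\n'
}

# count_severity <severity> < findings : number of findings with that severity.
# Counting here, rather than echoing "[count from agent]", keeps the Summary
# consistent with the sections that follow it.
count_severity() {
  awk -F'\t' -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# render_section <severity> < findings : bullet list for one section.
# Each finding carries file:line, problem, fix and reference, as the template
# in Step 2 asks for; an empty section prints "- None" so reviewers can see
# the category was checked.
render_section() {
  awk -F'\t' -v s="$1" '
    $1 == s {
      found = 1
      if (s == "positive") printf("- `%s`: %s\n", $2, $3)
      else printf("- `%s`: %s. Fix: %s (ref: %s)\n", $2, $3, $4, $5)
    }
    END { if (!found) print "- None" }'
}

# render_review < findings : the full comment body, in the template above.
render_review() {
  findings="$(cat)"
  crit="$(printf '%s\n' "$findings" | count_severity critical)"
  high="$(printf '%s\n' "$findings" | count_severity high)"
  sugg="$(printf '%s\n' "$findings" | count_severity suggestion)"

  printf '## Automated Security & Best Practices Review\n\n'
  printf '### Summary\n- Critical Issues: %s\n- High Priority: %s\n- Suggestions: %s\n\n' \
    "$crit" "$high" "$sugg"
  printf '### Critical Issues (Must Fix Before Merge)\n'
  printf '%s\n' "$findings" | render_section critical
  printf '\n### High Priority (Should Fix Before Merge)\n'
  printf '%s\n' "$findings" | render_section high
  printf '\n### Suggestions (Consider for Improvement)\n'
  printf '%s\n' "$findings" | render_section suggestion
  printf '\n### Positive Practices Observed\n'
  printf '%s\n' "$findings" | render_section positive
}

# post_review <pr_number> < findings : post the rendered body as one comment.
# `--body-file -` reads the body from stdin, which avoids quoting problems
# with a large multi-line --body argument.
post_review() {
  render_review | gh pr comment "$1" --body-file -
}

# Run as `sh render_review.sh findings.tsv` to render a findings file to
# stdout; pipe the result into `gh pr comment "$PR" --body-file -` to post it.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
  render_review < "$1"
fi
```

Rendering to stdout first and posting as a separate step lets the `/work` flow keep a copy of exactly what was posted, and the "- None" placeholder distinguishes "nothing found in this category" from a section the formatter silently dropped.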