Complete security audits with 120+ checks for web applications. Covers OWASP Top 10 2025, Supabase RLS bypass attacks (40+ vectors), API enumeration, Realtime channel leaks, payment security, timing attacks, and more. Use /security-audit:run to start.
Repository: mralbertzwolle/vibe-coding-academy-tools
Skill: security-audit
Source: plugins/security-audit/skills/security-audit/SKILL.md
Published: January 21, 2026
Install (Claude Code):

```bash
npx add-skill https://github.com/mralbertzwolle/vibe-coding-academy-tools/blob/main/plugins/security-audit/skills/security-audit/SKILL.md -a claude-code --skill security-audit
```

Installation path: `.claude/skills/security-audit/`

# Security Audit Skill

This skill provides comprehensive security auditing for web applications with special focus on **database bypass attacks**, **API enumeration**, and **real-world vulnerability patterns** discovered in 2024-2025 security research.

## Features

- **120+ security checks** across 14 categories
- **40+ database/API bypass attack vectors** tested
- **OpenAPI & GraphQL enumeration** detection
- **RLS bypass detection** (anon vs service_role confusion, Views, user_metadata)
- **Realtime channel security** (private:false bypass)
- **PostgREST operator abuse** testing
- **Parallel agent architecture** for fast scanning
- **CLI tool integration** (TruffleHog, Semgrep, npm audit, SupaShield)
- **Current CVE awareness** via WebSearch
- **Supabase-specific checks** (RLS, storage, policies, RPC functions, Edge Functions)
- **pgTAP test generation** for CI/CD integration
- **Auto-fix capability** for CRITICAL/HIGH issues

## Usage

```bash
/security-audit:run full   # Complete audit
/security-audit:run quick  # Pre-deploy checklist (5 min)
/security-audit:run fix    # Audit + auto-fix
```

## Categories

1. **Secrets & Vibe-Coding** - Exposed API keys, hardcoded credentials
2. **IDOR & Access Control** - Broken authorization, missing ownership checks
3. **Payment Security** - Price manipulation, float precision, webhook verification
4. **Injection Attacks** - SQL, XSS (with sanitizer check), command injection, SVG injection
5. **API Security** - Rate limiting, rate limiter bypass, CORS, debug endpoints
6. **Supabase Database** - RLS policies, storage buckets, Edge Function CORS
7. **Database Bypass Attacks** - 40+ attack vectors (expanded)
8. **API Enumeration** - OpenAPI dump, GraphQL introspection, schema leakage
9. **PostgREST Operator Abuse** - gt/lt/ilike/or filter injection, bulk scanning
10. **Realtime Security** - Channel authorization, private:false bypass, subscription leaks
11. **Storage Security** - Public bucket enumeration, signed URL leaks, f
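Two of the RLS bypass classes the checklist names under categories 6 and 7 (a policy that trusts `user_metadata`, and a view that runs with its owner's privileges), each beside the hardened form an audit would expect to find. This is an added illustration, not the skill's or the repository's own code; the `profiles` table, its columns and the policy names are assumed.

```sql
-- Added example (not from the skill or repository). Table, column and
-- policy names are assumed for illustration.
create table public.profiles (
  id       uuid primary key default gen_random_uuid(),
  user_id  uuid not null references auth.users (id),
  email    text not null,
  plan     text not null default 'free'
);
alter table public.profiles enable row level security;

-- WEAK: user_metadata is writable by the signed-in user through the Auth
-- API (updateUser), so a user can set role='admin' in their own JWT claims.
create policy "weak admin read" on public.profiles
  for select using ((auth.jwt() -> 'user_metadata' ->> 'role') = 'admin');

-- HARDENED: app_metadata is only settable server-side (service_role /
-- Admin API), and an explicit ownership rule pins rows to auth.uid().
drop policy "weak admin read" on public.profiles;
create policy "profiles owner select" on public.profiles
  for select to authenticated using (auth.uid() = user_id);
create policy "profiles admin select" on public.profiles
  for select to authenticated
  using ((auth.jwt() -> 'app_metadata' ->> 'role') = 'admin');

-- WEAK: a view is evaluated with its owner's privileges by default, and a
-- table owner is not subject to its own RLS, so anon/authenticated callers
-- of the view read every row of profiles.
create view public.profile_summary as
  select user_id, plan from public.profiles;

-- HARDENED (Postgres 15+): security_invoker evaluates the underlying
-- table's RLS as the calling role, so the policies above apply.
alter view public.profile_summary set (security_invoker = true);

-- anon (the publishable key) should not reach either object unless a
-- policy deliberately grants it.
revoke all on public.profiles from anon;
revoke all on public.profile_summary from anon;
```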