security-review

// Security vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.

$ git log --oneline --stat

stars:384

forks:73

updated:March 4, 2026

SKILL.mdreadonly

SKILL.md Frontmatter

namesecurity-review

descriptionSecurity vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.

allowed-toolsRead, Bash, Grep, Glob, Agent, AskUserQuestion

Security Review

Overview

Identify security vulnerabilities in code changes. Covers OWASP categories, injection vectors, authentication/authorization issues, data exposure, and dependency risks.

When to Use

After code review passes (or in parallel)
Before any code merge involving user-facing changes
As part of the /review-security command
Mandatory for high-stakes implementations

Process

Identify modified files with security relevance
Scan for common vulnerability patterns
Assess authentication and authorization changes
Check for data exposure risks
Evaluate dependency security
Classify severity and provide recommendations

Severity Levels

Critical: Immediate exploitation risk
High: Significant vulnerability requiring fix before merge
Medium: Vulnerability that should be addressed soon
Low: Minor security improvement opportunity

Key Rules

Security review failure halts implementation
All findings must include file paths and line numbers
Provide actionable remediation steps
Reference OWASP categories where applicable

Tool Use

Invoke via babysitter process: methodologies/rpikit/rpikit-review