Auditing Pre Release Security

🌐 Community
by onekeyhq · vlatest · Repository

Automates pre-release security audits, identifying vulnerabilities and compliance gaps before deployment with onekeyhq's AI agent.

Install on your platform

1. Run in terminal (recommended):

claude mcp add auditing-pre-release-security npx -- -y @trustedskills/auditing-pre-release-security

2. Or manually add to ~/.claude/settings.json:

{
  "mcpServers": {
    "auditing-pre-release-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/auditing-pre-release-security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill automates pre-release security audits by comparing two Git references (e.g., tags, branches, or commit SHAs). It identifies potential vulnerabilities and compliance gaps introduced between these points in time. The audit focuses on source code changes, dependency updates, newly added packages, and risks within CI/CD workflows. The output is a detailed security report written in Chinese Markdown.

When to use it

  • Before releasing a new version of your software (e.g., comparing v1.0.0 to release/v1.1.0).
  • When merging a feature branch into the main development line to assess potential security regressions.
  • After significant dependency updates to ensure stability and identify any unexpected behavior changes.
  • To proactively check for misconfigurations in CI/CD pipelines (e.g., .github/workflows files).

Key capabilities

  • Compares two Git references to detect changes between them.
  • Analyzes source code diffs for security regressions.
  • Identifies dependency updates and checks lockfile determinism.
  • Examines newly introduced packages within node_modules.
  • Scans CI/CD workflows (including Expo/EAS configurations) for potential risks.
  • Generates a Chinese Markdown report with a unique filename including the compared references.

Example prompts

  • "Audit security changes between tag v1.2.3 and branch main."
  • "Compare commit SHA abcdef0 to commit SHA 1234567 for pre-release security issues."
  • "What are the security differences between release/candidate-1 and release/candidate-2?"

Tips & gotchas

  • The skill requires you to explicitly provide both Git references (BASE_REF and TARGET_REF). If only one is provided, it will prompt for the missing reference.
  • Reports are generated in Chinese Markdown and include the referenced commit SHAs in the filename to prevent overwrites.
  • The skill prioritizes security by redacting any potentially sensitive information (e.g., API keys) from its output.

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates; what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: onekeyhq
  • Installs: 44

🌐 Community: passed automated security scans.