Security Review

What it does

The davila7-security-review skill enables AI agents to perform comprehensive security assessments on codebases, identifying vulnerabilities, misconfigurations, and potential threats. It leverages best practices in secure coding and compliance standards to ensure applications are resilient against common exploits.

When to use it

• Before deploying a new application to production to catch security flaws early.
• During code audits or penetration testing phases to validate the integrity of existing systems.
• When integrating third-party libraries or dependencies that may introduce vulnerabilities.
• As part of a CI/CD pipeline to enforce security checks automatically.

Key capabilities

• Scans for common security issues like SQL injection, XSS, and insecure API calls.
• Analyzes code for adherence to security best practices and compliance standards (e.g., OWASP).
• Identifies misconfigurations in environment variables, access controls, or authentication mechanisms.
• Provides actionable remediation suggestions for detected vulnerabilities.

Example prompts

• "Perform a security review of the /app/controllers directory."
• "Check this codebase for potential SQL injection risks."
• "Audit the API endpoints for insecure data handling practices."

Tips & gotchas

• Ensure that the AI agent has access to the full source code and relevant dependencies for accurate analysis.
• While the skill identifies vulnerabilities, it may not detect logic flaws or business-specific security issues that require deeper domain knowledge.