Security Audit

What it does

The jstarfilms-security-audit skill performs automated security audits of web applications. It identifies potential vulnerabilities like SQL injection, cross-site scripting (XSS), and common configuration errors. The audit generates a detailed report outlining discovered issues with severity ratings and suggested remediation steps.

When to use it

• Pre-deployment checks: Before releasing new code or features, run an audit to proactively identify and fix security flaws.
• Regular maintenance: Schedule periodic audits (e.g., monthly) to ensure ongoing security posture.
• Post-incident analysis: After a potential security incident, use the skill to investigate vulnerabilities that may have been exploited.
• Third-party library assessment: Evaluate the security of applications relying on external libraries or APIs.

Key capabilities

• Automated vulnerability scanning
• SQL injection detection
• Cross-site scripting (XSS) identification
• Configuration error analysis
• Detailed reporting with severity ratings

Example prompts

• "Audit the security of https://example.com."
• "Perform a comprehensive security audit and report any XSS vulnerabilities on https://mywebapp.test."
• “Analyze https://api.example.org/v1 for SQL injection risks.”

Tips & gotchas

The skill requires the target web application to be publicly accessible or reachable from the agent's execution environment. Results should always be reviewed by a human security expert, as automated audits are not exhaustive and may produce false positives.