Review Security

What it does

This skill analyzes text to identify potential security vulnerabilities and risks. It can assess code snippets, configuration files, or documentation for common weaknesses like SQL injection, cross-site scripting (XSS), and insecure authentication practices. The goal is to provide a preliminary assessment of security posture before more in-depth analysis.

When to use it

• Code Review: Quickly scan newly written code for potential vulnerabilities during development.
• Configuration Auditing: Evaluate configuration files (e.g., cloud infrastructure settings) for misconfigurations that could lead to breaches.
• Documentation Analysis: Identify security-related gaps or inaccuracies in technical documentation.
• Security Awareness Training: Use it as a tool to demonstrate common vulnerabilities and educate team members.

Key capabilities

• Vulnerability Identification: Detects various types of security flaws.
• Risk Assessment: Provides an initial assessment of the severity of identified risks.
• Text Analysis: Processes code, configuration files, and documentation.
• Security Best Practices: Checks against established security guidelines.

Example prompts

• "Analyze this Python script for potential SQL injection vulnerabilities."
• "Review this AWS CloudFormation template for common misconfigurations."
• "Can you find any insecure authentication practices in this API documentation?"

Tips & gotchas

This skill provides a preliminary assessment and should not replace thorough manual security reviews or penetration testing. The accuracy of the analysis depends on the clarity and completeness of the input text.