Security Pr Checklist Skill

What it does

This skill provides a structured checklist for reviewing security pull requests, helping teams identify common vulnerabilities before code merges. It standardizes the review process to ensure consistent application of security best practices across your repository.

When to use it

• Before merging any pull request that introduces new authentication or authorization logic.
• During code reviews for dependencies where third-party libraries are added to the project.
• When auditing recent changes to sensitive configuration files or environment variables.
• As a mandatory step in CI/CD pipelines before deploying production builds.

Key capabilities

• Generates a comprehensive list of security questions tailored to the specific PR context.
• Highlights potential issues related to input validation, output encoding, and secure defaults.
• Facilitates communication between developers and security engineers during the review phase.

Example prompts

• "Run the security PR checklist on this pull request to identify any authentication bypass risks."
• "Use the security checklist to review the changes made to our database connection strings in this commit."
• "Generate a security review list for the new user registration feature being added in this PR."

Tips & gotchas

Ensure your team has access to the specific repository context or provide relevant file paths when invoking the skill, as it relies on understanding the codebase changes. While this checklist covers common patterns, it should complement—not replace—manual expert review for complex security architectures.