Summary
Add a security-auditor skill that audits codebases for security risks — reviewing dependencies, secrets management, access controls, and producing a risk report.
What this skill should do
- Scan dependencies for known vulnerabilities (CVEs)
- Check for hardcoded secrets or credentials
- Review access control configurations
- Audit logging and audit trail completeness
- Produce a structured risk report with severity ratings
Reference
See existing skills like lfx-preflight/SKILL.md for pattern and format.
Each skill lives in its own directory with a SKILL.md file and markdown instructions.
Acceptance Criteria
- security-auditor/SKILL.md exists with correct frontmatter