securitylisted
Install: claude install-skill Git-Fg/taches-principled
## Routing Guidance
- Use IMMEDIATELY before production deployment, before merging security-related PRs, or when fixing vulnerabilities.
- Do NOT use for architecture design (use ddd) or general code quality (use refine REVIEW).
## CONTRAST
- NOT for: investigating root causes of known bugs — use diagnose
- NOT for: general code quality or polish — use refine
- NOT for: architecture design and layering — use ddd
- NOT for: incident postmortem of a past failure — use diagnose
| If you need to... | Use this mode |
|-------------------|---------------|
| Find code vulnerabilities (injection, auth, access control) | SAST |
| Check for outdated/vulnerable dependencies | DEPENDENCY-AUDIT |
| Find API keys or credentials in code | SECRETS-DETECTION |
| Verify compliance with security standards | COMPLIANCE |
**Quick routing:** Scan code patterns = SAST. Scan packages = DEPENDENCY-AUDIT. Scan for secrets = SECRETS-DETECTION. Audit compliance = COMPLIANCE.
---
## Orchestration Shape
This skill runs as **an orchestration script** — a multi-modal sweep with adversarial reproducibility verification across specialized security dimensions.
**Pattern:** Multi-modal sweep + adversarial reproducibility verify
1. **Sweep** — Dimension-specialist scanners fan out across distinct attack surfaces in parallel.
2. **Verify** — Reproducer agents independently attempt to reproduce the findings.
3. **Triage** — A severity-classifier synthesizer prioritizes the verified findings.
---
## Decision Rout