Install: `claude install-skill KevinZai/commander`
# ccc-security
> Load ONE skill. Get the entire application security domain. 8 skills in one.
**Integration note:** This skill invokes Claude Code's built-in `/security-review` command as the entry point, then routes to specialist sub-skills for deeper analysis. It does not reimplement the security review — it extends it.
## Sub-Skills
| # | Skill | Focus |
|---|-------|-------|
| 1 | security-audit | Comprehensive security audit — SAST, DAST, manual review |
| 2 | prompt-injection-defense | Defend AI-powered apps against prompt injection attacks |
| 3 | dependency-audit | Audit npm/pip/cargo dependencies for known vulnerabilities |
| 4 | secrets-scanner | Scan codebase for hardcoded secrets, API keys, tokens |
| 5 | owasp-top-10 | Check application against OWASP Top 10 vulnerabilities |
| 6 | codeql-integration | Set up CodeQL for automated security analysis in CI |
| 7 | variant-analysis | Find variants of known vulnerabilities across codebase |
| 8 | incident-response | Security incident response playbook and remediation |
## Routing Matrix
| Your Intent | Route To |
|-------------|----------|
| "Security audit" / "Review for vulnerabilities" | `/security-review` → `security-audit` + `owasp-top-10` |
| "Prompt injection" / "AI app security" | `prompt-injection-defense` |
| "Vulnerable dependencies" / "npm audit" | `dependency-audit` |
| "Hardcoded secrets" / "API key scan" | `secrets-scanner` |
| "OWASP" / "Top 10 check" | `owasp-top-10` |
| "CodeQL" / "Automated sec