Install: claude install-skill NDDev-it-com/rldyour-claudecode
# ry-sec-review
## Purpose
Run a high-quality defensive security review of the current implementation. This is not a general code review and not a blocking policy gate by default. It produces evidence-based findings and comments so the agent can decide what to fix immediately and what to report as follow-up.
User-facing reports are written in Russian unless the user asks otherwise. Code, paths, symbols, vulnerability categories, and references stay exact.
## When To Use
This skill is slash-only (`disable-model-invocation: true`). Apply it when `/ry-sec-review` is invoked or the user explicitly asks for a security review, in order to:
- Review security, vulnerabilities, exploitability, OWASP/ASVS coverage, hardening, or secure implementation quality.
- Audit a diff, pull request, feature, full implementation, module, route, endpoint, API, auth/authz flow, admin path, file handler, webhook, parser, dependency, or configuration.
- Check secrets, credentials, tokens, crypto, injection, access control, SSRF-like external requests, unsafe deserialization, supply chain, logging, or exceptional conditions.
- Produce findings, confidence ranking, remediation, and verification steps.
- React to `/ry-sec-review` slash command invocation.
Do not use this skill for ordinary implementation unless the user asks for security review or the change is high-risk enough to require a focused audit. For lightweight secure-coding comments during implementation, use `owasp-top-10-implementation`.
## Revi