security-review

Solid

AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.

Category: Code & Development · 34,233 stars · 4,188 forks · Updated today · MIT license


Quality Score: 93/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Security Review

An AI-powered security scanner that reasons about your codebase the way a human security researcher would — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss.

## When to Use This Skill

Use this skill when the request involves:

- Scanning a codebase or file for security vulnerabilities
- Running a security review or vulnerability check
- Checking for SQL injection, XSS, command injection, or other injection flaws
- Finding exposed API keys, hardcoded secrets, or credentials in code
- Auditing dependencies for known CVEs
- Reviewing authentication, authorization, or access control logic
- Detecting insecure cryptography or weak randomness
- Performing a data flow analysis to trace user input to dangerous sinks
- Any request phrasing like "is my code secure?", "scan this file", or "check my repo for vulnerabilities"
- Running `/security-review` or `/security-review <path>`

## How This Skill Works

Unlike traditional static analysis tools that match patterns, this skill:

1. **Reads code like a security researcher** — understanding context, intent, and data flow
2. **Traces across files** — following how user input moves through your application
3. **Self-verifies findings** — re-examines each result to filter false positives
4. **Assigns severity ratings** — CRITICAL / HIGH / MEDIUM / LOW / INFO
5. **Proposes targeted patches** — every finding includes a concrete fix
6. **Requires human a...

Details

Author: github
Repository: github/awesome-copilot
Created: 11 months ago
Last Updated: today
Language: Python
License: MIT
