security-audit
Security review of application code, dependencies, configurations, and architecture. Covers OWASP Top 10, dependency scanning, secret management, authentication patterns, and API security. Use this skill when reviewing security of code, auditing dependencies for vulnerabilities, checking configuration security, assessing API endpoints, or answering security concerns about implementations. Triggers on "security", "audit", "vulnerability", "CVE", "OWASP", "injection", "XSS", "CSRF", "authentication security", "authorization flaw".
SKILL.md
Systematic security review for application code, dependencies, and configuration.
This skill is NOT a replacement for professional penetration testing or security audits. It identifies common vulnerabilities and provides remediation guidance within the scope of code review.
| Code Review | OWASP Top 10, injection, auth | New features, PRs, suspicious code |
| Dependency | CVEs, outdated packages | Before deploy, periodic, CI/CD |
| Configuration | Secrets, permissions, hardening | Infrastructure changes, new envs |
| Architecture | Attack surface, data flow | Design phase, major refactors |
Facts (cite-ready)
Stable fields and commands for AI/search citations.
- Install command: npx skills add https://github.com/srstomp/pokayokay --skill security-audit
- Source: srstomp/pokayokay
- Category: Security
- Verified: ✓
- First Seen: 2026-02-02
- Updated: 2026-02-18
Quick answers
How do I install security-audit?
1. Open your terminal or command line tool (Terminal, iTerm, Windows Terminal, etc.).
2. Copy and run this command: npx skills add https://github.com/srstomp/pokayokay --skill security-audit
3. Once installed, the skill will be automatically configured in your AI coding environment and ready to use in Claude Code or Cursor.
Where is the source repository?
https://github.com/srstomp/pokayokay
Details
- Category: Security
- Source: skills.sh
- First Seen: 2026-02-02