Security Audit

Skill-Datei

Security Audit

Security scan for secrets, risky files, and vulnerable dependencies.

Mic23-010 Sterne19.01.2026

Beruf: Informationssicherheitsanalysten
Kategorien: Automatisierungswerkzeuge

Skill-Inhalt

Operational Instructions

This skill executes a static security audit on the project. It identifies dangerous files, exposed credentials, and broken dependencies.

Trigger

Pre-Commit: Before uploading sensitive code.
Refactor: When touching configuration files.
On-Demand: Explicit request "Verify security".

Inputs

Target Logic: Directory to scan (default: .).
Exclude Patterns: Files/Folders to ignore (e.g., .git, .venv, node_modules).

Steps

Secret Scanning: Search for Regex patterns (AWS, GitHub, Generic Keys) in tracked files.
Risky Files Audit: Search for prohibited extensions (, , ) and giant files (>50MB).