Security
VibeCoding Security — Agent Skill
Comprehensive security skill for AI-assisted ("vibe-coded") projects. Operates in two modes: (1) AUDIT — runs a 50-point security checklist with quantitative scoring against an existing codebase, (2) PREVENTIVE — guides secure code generation by consulting vulnerability knowledge bases before writing. Covers OWASP Top 10, cloud-native security (Supabase RLS, Firebase Rules), payment security (Stripe), mobile security (React Native/Expo), AI/LLM security (prompt injection, usage caps), GraphQL, Docker/CI-CD, and production readiness (GDPR, logging, headers, dependency auditing). Activate when: writing or reviewing code involving auth, payments, database access, API keys, secrets, user data, file uploads, or deployment. Also activate when user says "security audit", "vulnerability check", "is this safe?", "check my code", "audit this", "review for vulnerabilities", "can someone hack this?", "vibe security", or any mention of security concerns.