add SKILL

.claude/skills/security-audit/SKILL.md

@@ -0,0 +1,58 @@
+---
+name: security-audit
+description: Run a security audit on current git changes against OWASP Top 10. Checks for injection, auth issues, secrets, and misconfigurations.
+disable-model-invocation: true
+context: fork
+agent: security-auditor
+---
+
+# Security Audit
+
+Audit current changes for security vulnerabilities.
+
+## Context
+
+Current git diff:
+!`git diff --cached --diff-filter=ACMR`
+
+Unstaged changes:
+!`git diff --diff-filter=ACMR`
+
+Changed files:
+!`git diff --cached --name-only --diff-filter=ACMR && git diff --name-only --diff-filter=ACMR`
+
+## Steps
+
+1. **Analyze the diff** — identify security-relevant changes (auth, input handling, DB queries, file uploads, API endpoints, secrets)
+
+2. **Check against OWASP Top 10 2021 + API Top 10 2023:**
+   - Injection (SQL, NoSQL, Command, XSS)
+   - Broken Access Control (IDOR, privilege escalation)
+   - Cryptographic Failures (weak algorithms, hardcoded secrets)
+   - Insecure Design (business logic flaws, race conditions)
+   - Security Misconfiguration (defaults, verbose errors, missing headers)
+   - Vulnerable Components (check imports against known CVEs via context7)
+   - Auth Failures (session management, JWT issues)
+   - SSRF
+   - Missing input validation
+
+3. **False positive check** — verify framework mitigations before reporting (ORM, React escaping, CSRF tokens)
+
+4. **Report format:**
+
+```
+## Security Audit Report
+
+### Summary
+[Secure / Needs Improvement / Critical Issues Found]
+
+### Findings (sorted by severity)
+1. [CRITICAL/HIGH/MEDIUM/LOW] Title
+   - Location: `file:line`
+   - Impact: what can an attacker do
+   - Fix: copy-pasteable corrected code
+   - Reference: CWE/OWASP ID
+
+### No Issues Found In
+- [Areas that were checked and passed]
+```