---
name: security-audit
description: Run a security audit on current git changes against OWASP Top 10. Checks for injection, auth issues, secrets, and misconfigurations.
disable-model-invocation: true
context: fork
agent: security-auditor
---

# Security Audit

Audit current changes for security vulnerabilities.

## Context

Current git diff:
!`git diff --cached --diff-filter=ACMR`

Unstaged changes:
!`git diff --diff-filter=ACMR`

Changed files:
!`git diff --cached --name-only --diff-filter=ACMR && git diff --name-only --diff-filter=ACMR`

## Steps

1. **Analyze the diff** — identify security-relevant changes (auth, input handling, DB queries, file uploads, API endpoints, secrets)

2. **Check against OWASP Top 10 2021 + API Top 10 2023:**
   - Injection (SQL, NoSQL, Command, XSS)
   - Broken Access Control (IDOR, privilege escalation)
   - Cryptographic Failures (weak algorithms, hardcoded secrets)
   - Insecure Design (business logic flaws, race conditions)
   - Security Misconfiguration (defaults, verbose errors, missing headers)
   - Vulnerable Components (check imports against known CVEs via context7)
   - Auth Failures (session management, JWT issues)
   - SSRF
   - Missing input validation

3. **False positive check** — verify framework mitigations before reporting (ORM, React escaping, CSRF tokens)

4. **Report format:**

```
## Security Audit Report

### Summary
[Secure / Needs Improvement / Critical Issues Found]

### Findings (sorted by severity)
1. [CRITICAL/HIGH/MEDIUM/LOW] Title
   - Location: `file:line`
   - Impact: what can an attacker do
   - Fix: copy-pasteable corrected code
   - Reference: CWE/OWASP ID

### No Issues Found In
- [Areas that were checked and passed]
```