Use this skill to audit RAG and AI application security, including retrieval boundaries, prompt injection, citations, memory, and data exposure.
Use this skill to audit LLM agents, tool calling, MCP integrations, prompt injection, data exfiltration, and tool permissions.
Use this skill to audit Solidity, Vyper, EVM, DeFi, oracle, accounting, reentrancy, and upgradeability risks. Do not use it for legal contract review.
Use this skill to audit CI/CD workflows, dependencies, build scripts, releases, artifacts, and package publishing. Do not use it for runtime application authz review.
Use this skill to audit backend authorization, IDOR, ownership checks, and tenant isolation. Do not use it for smart contracts or legal contract review.
Use this skill to audit secrets, PII, logs, traces, metrics, debug endpoints, and error responses. Do not use it for general performance review.
Use this skill to audit terminal, PTY, shell session, container exec, and WebSocket terminal backends. Do not use it for unrelated frontend UI review.
Use this skill only when the user explicitly selects security finding IDs to fix. Do not use it to fix all findings or perform broad refactors.
Use this skill to review a PR or diff for security regressions. Do not use it for full-repository audits or legal contract review.
Use this skill to convert a security incident or public vulnerability pattern into reusable audit prompts, checklists, tests, and AGENTS.md rules.