skills/navanithans/agent-skill-kit/ask-owasp-security-review

ask-owasp-security-review

SKILL.md

OWASP Security Review Protocol

<critical_constraints>

  1. NO execution/dynamic analysis. Static review of the code only.
  2. NO false positives. Every finding must cite evidence from the code (the source-to-sink path or the offending line).
  3. MUST map each finding to an OWASP Top 10 (2021) category.
  4. MUST provide Severity, Location, Remediation.

</critical_constraints>

  1. Analyze: Identify language/framework. Trace Source → Sink.
  2. Scan:
    • Injection/Broken Access.
    • Hardcoded Secrets.
    • Logging Failures.
  3. Report: Format findings (Markdown Table). If none, "No risks found".
  4. Remediate: Provide code fixes for Critical/High.

<owasp_checklist>

  • A01 Broken Access Control: IDOR, path traversal.
  • A02 Cryptographic Failures: weak keys/algorithms.
  • A03 Injection: SQLi, XSS, command injection.
  • A04 Insecure Design: no rate limiting.
  • A05 Security Misconfiguration: default credentials.
  • A06 Vulnerable and Outdated Components: old libraries.
  • A07 Identification and Authentication Failures: weak passwords, hard-coded credentials.
  • A08 Software and Data Integrity Failures: insecure deserialization.
  • A09 Security Logging and Monitoring Failures: missing logs, PII/secrets in logs.
  • A10 Server-Side Request Forgery: unvalidated URLs.

</owasp_checklist>

<output_template>

Security Audit

| Vuln | OWASP | Sev | Loc | Desc | Fix |
|------|-------|-----|-----|------|-----|
| Name | Cat | High | File:10 | Issue | Fix |

Summary

[Assessment]

</output_template>
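As an added example (not the skill's own code, and not something the skill ships), the script below shows what the four-step protocol looks like when done mechanically on Python: it identifies sources (`request.*`, `input()`), traces them to sinks statement by statement, flags hard-coded secrets and secrets written to logs, and renders the result in the output_template table, or prints "No risks found" when nothing reaches a sink. Both target programs are constructed Flask-style handlers written for this example; the OWASP category ids, severities and remediation strings are the author's choices, and the tracer is deliberately small (one function body at a time, straight-line statements only, no interprocedural flow), which is exactly the kind of limitation a reviewer should state when citing evidence.

```python
# Added example: a tiny static source->sink tracer that reports in the SKILL.md table format.
import ast
import re
from dataclasses import dataclass

# Constructed sample target (hypothetical Flask-style handler, not from the page).
SAMPLE = '''\
import os, sqlite3, logging
from flask import request
API_KEY = "sk-live-0123456789abcdef"
def lookup():
    user = request.args.get("user")
    cur = sqlite3.connect("app.db").cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
    os.system("ping -c1 " + request.args.get("host"))
    data = open("/srv/files/" + user).read()
    logging.info("key=%s user=%s", API_KEY, user)
    return data
'''
# The same handler with the sinks fixed (constructed); scanning it must yield "No risks found".
CLEAN = '''\
import os, sqlite3
from flask import request
API_KEY = os.environ["API_KEY"]
def lookup():
    user = request.args.get("user")
    cur = sqlite3.connect("app.db").cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    return "ok"
'''
SECRET_NAME = re.compile(r"(password|passwd|secret|api_key|token)", re.I)
CMD_SINKS = {"os.system", "os.popen", "subprocess.call", "subprocess.run", "subprocess.Popen"}

@dataclass
class Finding:
    vuln: str
    cat: str   # OWASP Top 10 (2021) category id
    sev: str
    loc: str
    desc: str
    fix: str

def dotted(node) -> str:
    """Render a Name/Attribute chain as 'a.b.c'; '' for anything else (e.g. a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def is_tainted(expr, tainted: set) -> bool:
    """True if expr reads a tainted variable or calls a source (request.* / input) directly."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if isinstance(sub, ast.Call) and (dotted(sub.func).startswith("request.") or dotted(sub.func) == "input"):
            return True
    return False

def scan(source: str, filename: str = "app.py") -> list:
    tree = ast.parse(source)
    out = []
    loc = lambda n: f"{filename}:{n.lineno}"
    # Hard-coded secrets: module-level string literal assigned to a credential-like name (CWE-798 -> A07).
    for node in tree.body:
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for t in node.targets:
                if isinstance(t, ast.Name) and SECRET_NAME.search(t.id) and len(node.value.value) >= 8:
                    out.append(Finding("Hard-coded credential", "A07", "High", loc(node), f"{t.id} is a string literal", "Load from env/secret store; rotate the leaked value"))
    # Source -> sink tracing, per function, over straight-line statements in order (no branches, no calls followed).
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted: set = set()
        for stmt in fn.body:
            if isinstance(stmt, ast.Assign) and is_tainted(stmt.value, tainted):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            for call in (c for c in ast.walk(stmt) if isinstance(c, ast.Call)):
                f = dotted(call.func)
                args = list(call.args) + [k.value for k in call.keywords]
                if f.endswith((".execute", ".executemany")) and args and is_tainted(args[0], tainted):
                    out.append(Finding("SQL injection", "A03", "High", loc(call), "tainted data in query string", "Parameterize: execute(sql, (param,))"))
                elif f in CMD_SINKS and any(is_tainted(a, tainted) for a in args):
                    out.append(Finding("Command injection", "A03", "Critical", loc(call), f"tainted data reaches {f}", "Use subprocess.run([...]) without a shell; allow-list input"))
                elif f == "open" and args and is_tainted(args[0], tainted):
                    out.append(Finding("Path traversal", "A01", "High", loc(call), "tainted path passed to open()", "Resolve the path and require it to stay under the base directory"))
                elif (f.startswith("logging.") or f == "print") and any(isinstance(s, ast.Name) and SECRET_NAME.search(s.id) for a in args for s in ast.walk(a)):
                    out.append(Finding("Secret written to log", "A09", "Medium", loc(call), "credential-named variable logged", "Redact secrets before logging"))
    return out

def render(findings) -> str:
    if not findings:
        return "No risks found"
    rows = ["| Vuln | OWASP | Sev | Loc | Desc | Fix |", "|---|---|---|---|---|---|"]
    rows += [f"| {x.vuln} | {x.cat} | {x.sev} | {x.loc} | {x.desc} | {x.fix} |" for x in findings]
    return "\n".join(rows)
```

Run `print(render(scan(SAMPLE)))` to get the five-row audit table (hard-coded key at line 3, SQLi at 7, command injection at 8, traversal at 9, secret logged at 10) and `print(render(scan(CLEAN)))` to get "No risks found". Note that the SQL rule only inspects the query argument, so the parameterized `execute(sql, (user,))` in CLEAN is correctly not reported even though `user` is tainted; that distinction is the "evidence required" constraint in practice.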

Weekly Installs: 9
GitHub Stars: 1
First Seen: Feb 16, 2026
Installed on: gemini-cli (9), qoder (9), replit (9), antigravity (9), codebuddy (9), qwen-code (9)