security-pr-checklist-skill / SKILL.md

# Security PR Checklist Skill

Standardized security review for pull requests.
## Security Review Checklist
### Authentication & Authorization
- [ ] No hardcoded credentials (passwords, API keys, tokens) in source, tests, or config
- [ ] Every new or changed endpoint enforces authorization server-side, including object-level checks that the caller may act on the specific resource it names
- [ ] Session management is secure: session IDs from a CSPRNG, rotated on login and privilege change, invalidated on logout, with idle and absolute timeouts
- [ ] Rate limiting with lockout or backoff on login, password reset, and token endpoints
### Input Validation
- [ ] All inputs validated server-side (type, length, range, allow-list where possible); client-side checks are not relied on
- [ ] Output encoded for the context it lands in (HTML body, attribute, JavaScript, URL)
- [ ] Database access uses parameterized queries or an ORM; no SQL assembled by string concatenation or formatting
- [ ] No XSS: untrusted data never reaches templates or the DOM without context-appropriate encoding
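As an added example (not part of the skill), the two Input Validation items that most often fail review, shown as the string-built query and raw template beside their parameterized and encoded forms. The table, payloads, and function names are constructed for the demo; the in-memory sqlite3 database stands in for whatever the PR actually talks to.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Rejected in review: user input is spliced into the SQL text, so a quote
    # in the input changes the structure of the query.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized: the value travels separately from the SQL text and can
    # only ever be compared as data.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name: str) -> str:
    # Rejected in review: untrusted text written straight into HTML.
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name: str) -> str:
    # Encoded for the HTML text context. Attribute, JavaScript and URL
    # contexts each need their own encoder; html.escape alone does not make
    # a value safe inside a <script> block or an href.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


# Constructed attack inputs a reviewer can push through a changed code path.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo() -> dict:
    """Run both payloads through the weak and hardened paths and report the difference."""
    conn = make_db()
    try:
        return {
            # the vulnerable query returns every row; the safe one returns none
            "vuln_rows": len(find_user_vulnerable(conn, SQLI_PAYLOAD)),
            "safe_rows": len(find_user_safe(conn, SQLI_PAYLOAD)),
            "vuln_html": render_greeting_vulnerable(XSS_PAYLOAD),
            "safe_html": render_greeting_safe(XSS_PAYLOAD),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The reviewer's test is the payload, not the code: if a PR touches a query or a template, run the tainted input through the new path and confirm it comes back as data, as `find_user_safe` and `render_greeting_safe` do here.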
### Data Protection
- [ ] Sensitive data encrypted at rest with a vetted library, keys held outside the data store
- [ ] HTTPS enforced (HTTP redirected, HSTS set); no plaintext fallbacks or mixed content
- [ ] No PII or secrets in logs; new log statements checked for user identifiers, tokens, and request bodies
- [ ] Cookies carrying sessions or tokens set with `Secure`, `HttpOnly`, and an explicit `SameSite`
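Added example for the Data Protection items on cookies and logging, not code from the skill itself: the bare cookie a PR typically sets beside the hardened one, and a logging filter that redacts e-mail addresses and card numbers before they reach the sink. The cookie name `__Host-session`, the regexes, and the log line are constructed for the demo. The patterns are deliberately narrow; redaction is a backstop, and the real fix is a log statement that never receives the PII in the first place.

```python
import io
import logging
import re
from http.cookies import SimpleCookie


def session_cookie_weak(session_id: str) -> str:
    # What often gets merged: a name and a value, nothing else. Sent over plain
    # HTTP, readable by any script on the page, attached to cross-site requests.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    return cookie.output(header="").strip()


def session_cookie_hardened(session_id: str) -> str:
    # Secure: only sent over HTTPS. HttpOnly: invisible to page scripts, so an
    # XSS cannot read it. SameSite=Strict: not attached to cross-site requests,
    # which blunts CSRF. Path and Max-Age bound scope and lifetime. The __Host-
    # prefix (constructed name for the demo) makes browsers refuse the cookie
    # unless Secure is set, Path is "/" and no Domain attribute is present.
    cookie = SimpleCookie()
    cookie["__Host-session"] = session_id
    morsel = cookie["__Host-session"]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    morsel["max-age"] = 3600
    return cookie.output(header="").strip()


# Narrow, constructed patterns: an e-mail address and a 16-digit card number
# with optional space or dash separators. They miss other PII and can hit
# unrelated 16-digit values.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")


def redact(text: str) -> str:
    text = EMAIL_RE.sub("[email]", text)
    return CARD_RE.sub("[card]", text)


class RedactingFilter(logging.Filter):
    """Redacts the fully formatted message before the handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # already interpolated into msg above
        return True


def log_demo() -> str:
    """Emit a constructed log event containing PII and return what reached the sink."""
    stream = io.StringIO()
    logger = logging.getLogger("pr-checklist-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    # constructed event: the kind of line a checkout handler logs by accident
    logger.info("checkout failed for %s card %s", "alice@example.com", "4111 1111 1111 1111")
    handler.flush()
    return stream.getvalue().strip()


if __name__ == "__main__":
    print(session_cookie_weak("abc123"))
    print(session_cookie_hardened("abc123"))
    print(log_demo())
```

When reviewing, grep the diff for `Set-Cookie`, `set_cookie`, or the framework's session settings and confirm all three attributes are present; for logging, look at each new log call's arguments rather than its format string, since the PII arrives through the arguments.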
### Dependencies
- [ ] No new high or critical vulnerabilities reported by the dependency scanner for added or upgraded packages
- [ ] Dependencies current; new ones pinned to exact versions, with lockfile changes reviewed
- [ ] No suspicious packages: names checked for typosquatting, publisher and source repository confirmed, no unexpected install scripts
### Secrets Management
- [ ] No secrets in code, tests, fixtures, or the branch's commit history
- [ ] Secrets read from environment variables or a secrets manager at runtime, never from a checked-in file
- [ ] `.env` and other local secret files listed in `.gitignore` and absent from the diff
### Error Handling
- [ ] No stack traces, internal paths, or query text in responses sent to clients
- [ ] Clients receive generic error messages; detail goes to server-side logs only
- [ ] Failures logged with a correlation ID and enough context to investigate, without sensitive data
## Output Checklist

- PR template created
- Required security checks
- Common pitfalls documented
- Automated checks in CI
- Review guidelines
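One way to turn the Secrets Management items and the "Automated checks in CI" output into a merge gate, as an added example that is not part of the skill: a scanner that walks a unified diff, inspects only added lines, and fails the build on hardcoded credentials, committed `.env` files, and string-built SQL. The rule set, the `Finding` type, and the sample diff are constructed for the demo (`AKIAIOSFODNN7EXAMPLE` is the placeholder access key AWS uses in its own documentation). A production pipeline would run a maintained scanner such as gitleaks or semgrep; this shows the shape of the check.

```python
import re
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    file: str
    line: int  # line number in the post-merge file; 0 for whole-file findings
    rule: str
    text: str


# Illustrative rules, constructed for this example. Real scanners ship far
# larger sets; the AKIA prefix is the documented form of an AWS access key id.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # a credential-looking name assigned a quoted literal of six or more characters
    "hardcoded-password": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"]{6,}['\"]"
    ),
    # an f-string interpolating into SQL, or SQL text concatenated with +
    "string-built-sql": re.compile(
        r"""(?i)f(["'])(?:(?!\1).)*\b(?:select|insert|update|delete)\b(?:(?!\1).)*\{"""
        r"""|\b(?:select|insert|update|delete)\b.*?["']\s*\+\s*\w"""
    ),
}

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
SKIP_PREFIXES = ("diff ", "index ", "new file", "deleted file", "similarity", "rename", "\\ ")


def scan_diff(diff: str) -> list:
    """Scan only the lines a diff adds; removed lines no longer exist after merge."""
    findings = []
    path = None
    new_line = 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            if path.startswith("b/"):
                path = path[2:]
            base = path.rsplit("/", 1)[-1]
            if base == ".env" or base.startswith(".env."):
                findings.append(Finding(path, 0, "env-file-committed", raw))
            continue
        if raw.startswith("--- ") or raw.startswith(SKIP_PREFIXES):
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_line = int(hunk.group(1))
            continue
        if path is None or raw.startswith("-"):
            continue
        if raw.startswith("+"):
            added = raw[1:]
            for rule, pattern in RULES.items():
                if pattern.search(added):
                    findings.append(Finding(path, new_line, rule, added.strip()))
        new_line += 1  # context and added lines both occupy a line in the new file
    return findings


def ci_gate(diff: str) -> int:
    """Exit status for a CI step: 0 when clean, 1 when anything needs review."""
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.file}:{f.line}: {f.rule}: {f.text}", file=sys.stderr)
    return 1 if findings else 0


# Constructed pull-request diff for the demo; none of the values are real secrets.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-prod-2024"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = os.environ.get("API_KEY")
 DEBUG = False
diff --git a/app/users.py b/app/users.py
--- a/app/users.py
+++ b/app/users.py
@@ -10,2 +10,3 @@ def find_user(conn, name):
-    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = f"SELECT * FROM users WHERE name = '{name}'"
+    return conn.execute(query)
     return None
diff --git a/.env b/.env
new file mode 100644
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+STRIPE_SECRET=sk_test_constructed_value_not_real
"""


if __name__ == "__main__":
    # in CI: git diff origin/main...HEAD | python scan_pr.py
    sys.exit(ci_gate(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF))
```

Note what the sample exercises: the `API_KEY = os.environ.get(...)` line passes because the value is not a literal, the removed `SELECT ... ?` line is never scanned, and the `.env` file is flagged by path even though its unquoted value matches no credential pattern. Line numbers are computed from the hunk headers so a finding can be turned into a review comment on the right line.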
Repository: patricio0312rev/skills (first seen 10 days ago)