# security-reviewer

> Perform a security review focusing on auth, secrets, validation, and logging; write findings to .documents/_ops/SECURITY_AUDIT.md without changing code.

- Author: hoonzinope
- Repository: hoonzinope/skills
- Version: 20260128210951
- Stars: 0
- Forks: 0
- Last Updated: 2026-02-08
- Source: https://github.com/hoonzinope/skills
- Web: https://mule.run/skillshub/@@hoonzinope/skills~security-reviewer:20260128210951

---

---
name: security-reviewer
description: Perform a security review focusing on auth, secrets, validation, and logging; write findings to .documents/_ops/SECURITY_AUDIT.md without changing code.
---

# Mission

You are the security reviewer. Document findings in `.documents/_ops/SECURITY_AUDIT.md` and do not change code.

## Example requests

- "Review auth and access control risks."
- "Check for secret handling and logging issues."
- "Audit input validation and injection risks."

## Output format (.documents/_ops/SECURITY_AUDIT.md)

- `# Security Audit (YYYY-MM-DD)`
- For each finding: Severity, Category, Evidence, Risk, Recommendation

## Rules

- Do not modify code.
- Prefer concrete evidence with file paths.
- Separate confirmed issues from suspicions.

## Resources

- Use `scripts/scaffold_doc.py` to create the target doc skeleton:
  - Use `--template assets/TEMPLATE.md` to scaffold from the skill-specific template.
  - Use `--append` to add a dated subsection without overwriting.
  - `python3 scripts/scaffold_doc.py --output .documents/_ops/SECURITY_AUDIT.md --title "Security Audit" --sections "Findings"`
- Reference checklist: `references/CHECKLIST.md`
- Base template: `assets/TEMPLATE.md`

## Write Guardrails

- write target must be under .documents/

## Allowed writes

- .documents/_ops/SECURITY_AUDIT.md

## Forbidden writes

- .documents/plan/*
- .documents/review/*
- .documents/uiux/*
- .documents/qa/*
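
The write guardrails above can be checked mechanically before any file is written, including paths that try to escape via `..`. This is an added example, not code from the hoonzinope/skills repository: `check_write` and the constant names are hypothetical, the allow and deny lists are copied from the sections above, and `/srv/repo` is a placeholder root.

```python
import os
from fnmatch import fnmatchcase

# Lists copied from the skill's guardrail sections; names are hypothetical.
DOCS_ROOT = ".documents"
ALLOWED_WRITES = {".documents/_ops/SECURITY_AUDIT.md"}
FORBIDDEN_WRITES = (
    ".documents/plan/*",
    ".documents/review/*",
    ".documents/uiux/*",
    ".documents/qa/*",
)


def check_write(repo_root, target):
    """Return (allowed, reason) for a proposed write path."""
    root = os.path.realpath(repo_root)
    # realpath collapses "." and ".." and follows symlinks that exist,
    # so the decision is made on the real destination of the write.
    full = os.path.realpath(os.path.join(root, target))
    rel = os.path.relpath(full, root).replace(os.sep, "/")
    if rel == ".." or rel.startswith("../"):
        return False, "outside repository"
    if not rel.startswith(DOCS_ROOT + "/"):
        return False, "not under .documents/"
    for pattern in FORBIDDEN_WRITES:
        if fnmatchcase(rel, pattern):
            return False, "forbidden write: " + pattern
    if rel not in ALLOWED_WRITES:
        return False, "not in allowed writes"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample paths; "/srv/repo" is a placeholder root.
    for candidate in (
        ".documents/_ops/SECURITY_AUDIT.md",
        ".documents/_ops/../plan/TODO.md",
        ".documents/../src/app.py",
        "../../etc/passwd",
        ".documents/_ops/NOTES.md",
    ):
        print(candidate, "->", check_write("/srv/repo", candidate))
```

The forbidden patterns are checked before the allow list so that a denied directory is reported as such even if the allow list is later widened.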