690427:0812 Update Infras #01
@@ -0,0 +1,22 @@
|
||||
---
|
||||
auto_execution_mode: 0
|
||||
description: Perform a security-focused audit of the codebase against OWASP Top 10, CASL authorization, and LCBP3-DMS security requirements.
|
||||
---
|
||||
|
||||
# Workflow: speckit.security-audit
|
||||
|
||||
1. **Context Analysis**:
|
||||
- The user may pass a scope hint: `backend`, `frontend`, `both`, or specific module paths (defaults to `both`).
|
||||
|
||||
2. **Load Skill**:
|
||||
- Use the `view_file` tool to read the skill file at: `.agents/skills/speckit-security-audit/SKILL.md`
|
||||
- Also load `.agents/skills/_LCBP3-CONTEXT.md` for project-specific rules.
|
||||
|
||||
3. **Execute**:
|
||||
- Follow the instructions in the `SKILL.md` exactly.
|
||||
- This is READ-ONLY — never modify code during the audit.
|
||||
- Output a structured report with Critical / High / Medium / Low severity.
|
||||
|
||||
4. **On Error**:
|
||||
- If scope unclear: Default to `both` (backend + frontend)
|
||||
- If `specs/06-Decision-Records/ADR-016-security-authentication.md` missing: Warn and proceed with OWASP Top 10 + CASL checks only
|
||||
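Review bot: Step 4 (On Error) handles a missing `specs/06-Decision-Records/ADR-016-security-authentication.md`, but step 2 never tells the agent to load that file, and no fallback covers a missing `.agents/skills/speckit-security-audit/SKILL.md` or `.agents/skills/_LCBP3-CONTEXT.md`, which step 3 depends on. Suggest adding the ADR to the step 2 load list and adding an On Error entry that stops the audit when `SKILL.md` cannot be read. When the ADR is missing, the "Warn and proceed" path should also require the report to state that the LCBP3-DMS requirements named in the description were not checked, so a report with no findings in that area is not read as a pass. Separately, step 1 is titled "Context Analysis" but only describes the scope hint; either describe what is analysed or rename it. The READ-ONLY rule in step 3 is the only guard against modification, so it may be worth stating which tools the workflow is allowed to use, since `view_file` is the only one named.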