---
auto_execution_mode: 0
description: Perform a security-focused audit of the codebase against OWASP Top 10, CASL authorization, and LCBP3-DMS security requirements.
---

# Workflow: speckit.security-audit

1. **Context Analysis**:
   - The user may pass a scope hint: `backend`, `frontend`, `both`, or specific module paths (defaults to `both`).

2. **Load Skill**:
   - Use the `view_file` tool to read the skill file at: `.agents/skills/speckit-security-audit/SKILL.md`
   - Also load `.agents/skills/_LCBP3-CONTEXT.md` for project-specific rules.

3. **Execute**:
   - Follow the instructions in `SKILL.md` exactly.
   - This workflow is **read-only**: never modify code during the audit.
   - Output a structured report with findings grouped by severity: Critical / High / Medium / Low.

4. **On Error**:
   - If the scope is unclear: default to `both` (backend + frontend).
   - If `specs/06-Decision-Records/ADR-016-security-authentication.md` is missing: warn and proceed with the OWASP Top 10 + CASL checks only.
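The four steps above are a procedure with two decision points (scope resolution and the missing-ADR fallback) and a fixed output shape. The following pre-flight script is an added example, not part of the workflow file or the project's own tooling: it resolves the scope hint, verifies the files step 2 loads, applies the step 4 fallbacks and renders the step 3 report skeleton. The file paths are the ones the workflow cites; the function and dataclass names, the rule that a hint token containing `/` is a module path, the choice to treat a missing `SKILL.md` or context file as fatal, and the `SAMPLE_FINDINGS` entries are this example's own assumptions.

```python
"""Pre-flight for the speckit.security-audit workflow (illustrative example,
not the project's code).  Resolves the scope hint, checks the files step 2
loads, applies the step 4 fallbacks and renders the step 3 report skeleton.
File paths are the ones the workflow cites; helper names are this example's.
"""
from __future__ import annotations

import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Iterable

# Paths quoted by the workflow; run this from the repository root.
SKILL_FILE = Path(".agents/skills/speckit-security-audit/SKILL.md")
CONTEXT_FILE = Path(".agents/skills/_LCBP3-CONTEXT.md")
ADR_016 = Path("specs/06-Decision-Records/ADR-016-security-authentication.md")

ALL_CHECKS = ("OWASP Top 10", "CASL authorization", "LCBP3-DMS requirements")
SEVERITIES = ("Critical", "High", "Medium", "Low")  # report order, most severe first


@dataclass
class AuditPlan:
    scopes: tuple[str, ...]
    checks: tuple[str, ...]
    warnings: list[str] = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    severity: str
    check: str      # which entry of ALL_CHECKS produced it
    title: str
    location: str   # file:line, route or module


def resolve_scope(hint: str | None) -> tuple[str, ...]:
    """Map the user's scope hint to audit targets; anything unclear defaults to both."""
    tokens = hint.replace(",", " ").split() if hint else []
    if tokens == ["backend"] or tokens == ["frontend"]:
        return (tokens[0],)
    # Assumption: a token containing "/" is an explicit module path (e.g. backend/src/auth).
    if tokens and all("/" in t for t in tokens):
        return tuple(tokens)
    return ("backend", "frontend")  # covers "both", an empty hint and anything unrecognised


def build_plan(hint: str | None, exists: Callable[[Path], bool] = Path.is_file) -> AuditPlan:
    """Apply the step 2 loads and the step 4 fallbacks.

    `exists` is injected so the logic can be exercised without touching disk.
    Assumption: a missing SKILL.md or context file is fatal, because step 2 loads
    both unconditionally; only the ADR has a documented fallback.
    """
    for required in (SKILL_FILE, CONTEXT_FILE):
        if not exists(required):
            raise FileNotFoundError(f"cannot run audit: {required} is missing")
    plan = AuditPlan(scopes=resolve_scope(hint), checks=ALL_CHECKS)
    if not exists(ADR_016):
        plan.warnings.append(f"{ADR_016} missing: running OWASP Top 10 + CASL checks only")
        plan.checks = ALL_CHECKS[:2]
    return plan


def render_report(plan: AuditPlan, findings: Iterable[Finding]) -> str:
    """Structured report with one section per severity, empty sections included.

    Findings outside the four levels are rejected so nothing escapes the triage buckets.
    """
    findings = list(findings)
    bad = [f for f in findings if f.severity not in SEVERITIES]
    if bad:
        raise ValueError(f"unknown severity on: {[f.title for f in bad]}")
    lines = [
        "# Security audit report (read-only)",
        f"Scope: {', '.join(plan.scopes)}",
        f"Checks: {', '.join(plan.checks)}",
        *[f"WARNING: {w}" for w in plan.warnings],
    ]
    for sev in SEVERITIES:
        group = [f for f in findings if f.severity == sev]
        lines.append(f"\n## {sev} ({len(group)})")
        lines.extend(f"- [{f.check}] {f.title} at {f.location}" for f in group)
    return "\n".join(lines)


# Constructed sample findings that show the report shape; not real audit results.
SAMPLE_FINDINGS = (
    Finding("High", "CASL authorization", "Route handler skips ability check",
            "backend/src/docs/docs.controller.ts:42"),
    Finding("Critical", "OWASP Top 10", "Unparameterised query built from request body",
            "backend/src/search/search.service.ts:17"),
    Finding("Low", "OWASP Top 10", "Verbose stack trace in 500 response",
            "backend/src/main.ts:9"),
)

if __name__ == "__main__":
    # Usage: python preflight.py [backend|frontend|both|module paths...]
    try:
        plan = build_plan(" ".join(sys.argv[1:]) or None)
    except FileNotFoundError as err:
        sys.exit(str(err))
    print(render_report(plan, SAMPLE_FINDINGS))
```

The `exists` parameter is the only seam: in the repository it defaults to the real filesystem, while a test can simulate the missing-ADR case by passing a predicate that returns `False` for `ADR_016` and confirm that the plan drops to the OWASP Top 10 + CASL checks and carries exactly one warning.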