explainx.ainewsletter3.02k
Productivity

security-audit

sickn33/antigravity-awesome-skills · updated Apr 13, 2026

$npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill security-audit
0 commentsdiscussion
summary

Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.

skill.md

Security Auditing Workflow Bundle

Overview

Comprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.

When to Use This Workflow

Use this workflow when:

  • Performing security audits on web applications
  • Testing API security
  • Conducting penetration tests
  • Scanning for vulnerabilities
  • Hardening application security
  • Compliance security assessments

Workflow Phases

Phase 1: Reconnaissance

Skills to Invoke

  • scanning-tools - Security scanning
  • shodan-reconnaissance - Shodan searches
  • top-web-vulnerabilities - OWASP Top 10

Actions

  1. Identify target scope
  2. Gather intelligence
  3. Map attack surface
  4. Identify technologies
  5. Document findings

Copy-Paste Prompts

Use @scanning-tools to perform initial reconnaissance

Use @shodan-reconnaissance to find exposed services

Phase 2: Vulnerability Scanning

Skills to Invoke

  • vulnerability-scanner - Vulnerability analysis
  • security-scanning-security-sast - Static analysis
  • security-scanning-security-dependencies - Dependency scanning

Actions

  1. Run automated scanners
  2. Perform static analysis
  3. Scan dependencies
  4. Identify misconfigurations
  5. Document vulnerabilities

Copy-Paste Prompts

Use @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities

Use @security-scanning-security-dependencies to audit dependencies

Phase 3: Web Application Testing

Skills to Invoke

  • top-web-vulnerabilities - OWASP vulnerabilities
  • sql-injection-testing - SQL injection
  • xss-html-injection - XSS testing
  • broken-authentication - Authentication testing
  • idor-testing - IDOR testing
  • file-path-traversal - Path traversal
  • burp-suite-testing - Burp Suite testing

Actions

  1. Test for injection flaws
  2. Test authentication mechanisms
  3. Test session management
  4. Test access controls
  5. Test input validation
  6. Test security headers

Copy-Paste Prompts

Use @sql-injection-testing to test for SQL injection vulnerabilities

Use @xss-html-injection to test for cross-site scripting

Use @broken-authentication to test authentication security

Phase 4: API Security Testing

Skills to Invoke

  • api-fuzzing-bug-bounty - API fuzzing
  • api-security-best-practices - API security

Actions

  1. Enumerate API endpoints
  2. Test authentication/authorization
  3. Test rate limiting
  4. Test input validation
  5. Test error handling
  6. Document API vulnerabilities

Copy-Paste Prompts

Use @api-fuzzing-bug-bounty to fuzz API endpoints

Phase 5: Penetration Testing

Skills to Invoke

  • pentest-commands - Penetration testing commands
  • pentest-checklist - Pentest planning
  • ethical-hacking-methodology - Ethical hacking
  • metasploit-framework - Metasploit

Actions

  1. Plan penetration test
  2. Execute attack scenarios
  3. Exploit vulnerabilities
  4. Document proof of concept
  5. Assess impact

Copy-Paste Prompts

Use @pentest-checklist to plan penetration test

Use @pentest-commands to execute penetration testing

Phase 6: Security Hardening

Skills to Invoke

  • security-scanning-security-hardening - Security hardening
  • auth-implementation-patterns - Authentication
  • api-security-best-practices - API security

Actions

  1. Implement security controls
  2. Configure security headers
  3. Set up authentication
  4. Implement authorization
  5. Configure logging
  6. Apply patches

Copy-Paste Prompts

Use @security-scanning-security-hardening to harden application security

Phase 7: Reporting

Skills to Invoke

  • reporting-standards - Security reporting

Actions

  1. Document findings
  2. Assess risk levels
  3. Provide remediation steps
  4. Create executive summary
  5. Generate technical report

Security Testing Checklist

OWASP Top 10

  • Injection (SQL, NoSQL, OS, LDAP)
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring

API Security

  • Authentication mechanisms
  • Authorization checks
  • Rate limiting
  • Input validation
  • Error handling
  • Security headers

Quality Gates

  • All planned tests executed
  • Vulnerabilities documented
  • Proof of concepts captured
  • Risk assessments completed
  • Remediation steps provided
  • Report generated

Related Workflow Bundles

  • development - Secure development practices
  • wordpress - WordPress security
  • cloud-devops - Cloud security
  • testing-qa - Security testing

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.736 reviews
  • Arjun Ndlovu· Dec 20, 2024

    Solid pick for teams standardizing on skills: security-audit is focused, and the summary matches what you get after install.

  • Liam Kim· Dec 16, 2024

    security-audit is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Sakshi Patil· Dec 4, 2024

    Registry listing for security-audit matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Dhruvi Jain· Nov 23, 2024

    Solid pick for teams standardizing on skills: security-audit is focused, and the summary matches what you get after install.

  • Ganesh Mohane· Nov 11, 2024

    security-audit fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Daniel Bhatia· Nov 7, 2024

    Registry listing for security-audit matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Liam Rao· Nov 7, 2024

    Keeps context tight: security-audit is the kind of skill you can hand to a new teammate without a long onboarding doc.

  • Amelia Singh· Oct 26, 2024

    Useful defaults in security-audit — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Layla Brown· Oct 26, 2024

    We added security-audit from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.

  • Piyush G· Oct 14, 2024

    I recommend security-audit for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 36

1 / 4