ReddRadar
Agent skill
security-audit
Detect security vulnerabilities and governance violations across delivered code, configurations, and deployed environments. Activate after implementation or periodically as a governance check.
Install this agent skill to your Project
npx add-skill https://github.com/Fr-e-d/GAAI-framework/tree/main/.gaai/core/skills/cross/security-audit
Metadata
Additional technical details for this skill
- id
- SKILL-SECURITY-AUDIT-001
- track
- cross-cutting
- author
- gaai-framework
- status
- experimental
- version
- 1.0
- category
- cross
- updated at
- 1772064000
SKILL.md
Security Audit
Purpose / When to Activate
Activate:
- After implementation as a security gate
- Periodically on active projects
- When security rules are added or updated
Enforces security as a system rule, not a human task.
Process
- Scan code and configs for common vulnerability patterns
- Detect secrets exposure and unsafe patterns
- Validate authentication and authorization flows
- Check compliance against project security rules
- Produce severity-ranked vulnerability report with concrete remediation steps
Outputs
- Vulnerability list with severity (critical / high / medium / low)
- Compliance pass/fail report per security rule
- Concrete remediation steps per vulnerability
- Audit trail for governance
Quality Checks
- All findings include severity and remediation steps
- Compliance status is explicit per rule
- No false positives reported without evidence
- Output is actionable, not just informational
Non-Goals
This skill must NOT:
- Fix vulnerabilities (use
remediate-failuresfor that) - Make architectural decisions
- Replace dedicated security tooling
Prevents high-impact production failures. Security as governance, not afterthought.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
Fr-e-d/GAAI-framework
ci-watch-and-fix
Watch GitHub Actions CI after PR creation, detect failures, extract logs, apply minimal fixes, and re-push — keeping the delivery session alive until CI resolves or escalating after 3 cycles. Activate immediately after gh pr create and before marking the story done.
Fr-e-d/GAAI-framework
qa-review
Validate that implemented code fully satisfies Story acceptance criteria, respects rules, and introduces no regressions. This is the hard quality gate — no pass means no delivery. Activate after implementation is complete.
Fr-e-d/GAAI-framework
compose-team
Assemble the context bundles for each sub-agent based on evaluate-story output. Produces spawn-ready packages for Planning, Implementation, QA, or MicroDelivery sub-agents. Activate after evaluate-story, before spawning any sub-agent.
Fr-e-d/GAAI-framework
coordinate-handoffs
Validate sub-agent handoff artefacts, sequence phase transitions, and manage retry and escalation logic. Activate after each sub-agent terminates to determine next action.
Fr-e-d/GAAI-framework
implement
Generate correct, minimal, maintainable code that satisfies a validated Story's acceptance criteria against an execution plan. Activate when a Story is validated, a plan exists, and all prerequisites are unambiguous.
Fr-e-d/GAAI-framework
delivery-high-level-plan
Transform validated Stories into a clear, minimal, governed execution plan. Used by the Planning Sub-Agent as the first planning pass before prepare-execution-plan for Tier 2/3, or as the sole planning output for simple Stories.
Didn't find tool you were looking for?