OpenSkillIndex← back to search
claude-code

Agent-design-language repo-review-security

Specialist security reviewer for a multi-agent repository review. Use when a review packet needs a bounded AppSec role focused on trust boundaries, secret handling, injection risks, privilege and permission failures, unsafe file/network IO, deserialization, supply-chain exposure, and abuse paths without performing remediation or broad synthesis.

install
source · Clone the upstream repo
git clone https://github.com/danielbaustin/agent-design-language
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/danielbaustin/agent-design-language "$T" && mkdir -p ~/.claude/skills && cp -r "$T/adl/tools/skills/repo-review-security" ~/.claude/skills/danielbaustin-agent-design-language-repo-review-security && rm -rf "$T"
manifest: adl/tools/skills/repo-review-security/SKILL.md
source content

Repo Review Security

Review a repository slice for security and abuse-path findings as one specialist in the multi-agent repo review suite.

This is a review skill, not a threat-modeling replacement and not a remediation workflow. If the operator explicitly asks for a full threat model, use the dedicated threat-modeling path instead.

Quick Start

  1. Confirm the repo, branch, path, diff, or review packet scope.
  2. Identify trust boundaries, secret surfaces, external inputs, filesystem and network effects, authz/authn checks, and dependency/config risks.
  3. Review concrete exploitability before generic hardening advice.
  4. Emit findings first, with severity, affected surface, and abuse scenario.
  5. Hand the artifact to 
    repo-review-synthesis
    for cross-role assembly.

Focus

Prioritize:

  • secret leakage, token handling, and credential persistence
  • injection, command execution, path traversal, and unsafe parsing
  • privilege, permission, tenancy, and authorization failures
  • unsafe network, filesystem, deserialization, and artifact handling
  • supply-chain, dependency, CI, and build configuration exposure
  • security-relevant logging, diagnostics, and durable artifact leaks

Defer primary ownership of these areas to other specialists:

  • ordinary correctness and maintainability: 
    repo-review-code
  • test coverage quality: 
    repo-review-tests
  • docs and onboarding truth: 
    repo-review-docs
  • final dedupe and ordering: 
    repo-review-synthesis

Required Inputs

At minimum, gather:

  • repo_root
  • one concrete target: 
    • target.target_path
    • target.branch
    • target.diff_base
    • target.review_packet_path

Useful additional inputs:

  • changed_paths
  • trust_boundaries
  • sensitive_assets
  • exclude_paths
  • validation_mode

If there is no concrete repo or slice target, stop and report 

blocked
.

Output Expectations

Default output should include:

  • findings first
  • trust boundaries reviewed
  • assets and attacker capabilities considered
  • validation performed or not run
  • residual security risk

Use the shared suite contract in 

adl/tools/skills/docs/MULTI_AGENT_REPO_REVIEW_SKILL_SUITE.md
when ADL expects a structured artifact.

Stop Boundary

Stop after producing the security-review artifact.

Do not:

  • edit code or secrets
  • run destructive exploit attempts
  • claim remediation, approval, or compliance certification
  • bury a security finding behind a lower-severity synthesis summary