GAAI-framework security-audit

Detect security vulnerabilities and governance violations across delivered code, configurations, and deployed environments. Activate after implementation or periodically as a governance check.

install

source · Clone the upstream repo

git clone https://github.com/Fr-e-d/GAAI-framework

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/Fr-e-d/GAAI-framework "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.gaai/core/skills/cross/security-audit" ~/.claude/skills/fr-e-d-gaai-framework-security-audit && rm -rf "$T"

manifest: .gaai/core/skills/cross/security-audit/SKILL.md

source content

Security Audit

Purpose / When to Activate

Activate:

After implementation as a security gate
Periodically on active projects
When security rules are added or updated

Enforces security as a system rule, not a human task.

Process

Scan code and configs for common vulnerability patterns
Detect secrets exposure and unsafe patterns
Validate authentication and authorization flows
Check compliance against project security rules
Produce severity-ranked vulnerability report with concrete remediation steps

Outputs

Vulnerability list with severity (critical / high / medium / low)
Compliance pass/fail report per security rule
Concrete remediation steps per vulnerability
Audit trail for governance

Quality Checks

All findings include severity and remediation steps
Compliance status is explicit per rule
No false positives reported without evidence
Output is actionable, not just informational

Non-Goals

This skill must NOT:

Fix vulnerabilities (use
```
remediate-failures
```
for that)
Make architectural decisions
Replace dedicated security tooling

Prevents high-impact production failures. Security as governance, not afterthought.