Llmops-demo-ts security-audit
Perform a security audit of the codebase. Checks for OWASP Top 10, AI-specific vulnerabilities, dependency issues, and configuration problems.
install
source · Clone the upstream repo
git clone https://github.com/yu-iskw/llmops-demo-ts
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/yu-iskw/llmops-demo-ts "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/security-audit" ~/.claude/skills/yu-iskw-llmops-demo-ts-security-audit && rm -rf "$T"
manifest:
.claude/skills/security-audit/SKILL.mdsource content
Security Audit
Perform a security audit with the following scope:
$ARGUMENTS
Audit Methodology
1. Dependency Security
pnpm audit
Review all known vulnerabilities in dependencies.
2. Source Code Analysis
Scan for common vulnerability patterns:
- Hardcoded secrets (API keys, passwords, tokens)
- Command injection via string interpolation in Bash/exec calls
- XSS vectors in Vue.js templates (v-html usage)
- Prompt injection in AI agent inputs
- Insecure deserialization
- Information disclosure in error messages
3. AI Agent Security
Review the secure_agent pattern and verify:
- Input sanitization is applied before LLM processing
- Output sanitization prevents data leakage
- Tool calls are validated and scoped
- Prompt injection defenses are in place
4. Configuration Security
- No secrets in version control
- Proper .gitignore coverage
- CORS configuration
- Environment variable handling
Output
Produce a security report with findings classified by severity:
- 🔴 Critical / 🟠 High / 🟡 Medium / 🔵 Low
Each finding includes: location, vulnerability, impact, and remediation steps.