{"id":"fea883a3-9d28-409a-840e-b9b6fcf62022","shortId":"dfDFm3","kind":"skill","title":"security-audit","tagline":"Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.","description":"# Security Auditing Workflow Bundle\n\n## Overview\n\nComprehensive security auditing workflow for web applications, APIs, and infrastructure. This bundle orchestrates skills for penetration testing, vulnerability assessment, security scanning, and remediation.\n\n## When to Use This Workflow\n\nUse this workflow when:\n- Performing security audits on web applications\n- Testing API security\n- Conducting penetration tests\n- Scanning for vulnerabilities\n- Hardening application security\n- Compliance security assessments\n\n## Workflow Phases\n\n### Phase 1: Reconnaissance\n\n#### Skills to Invoke\n- `scanning-tools` - Security scanning\n- `shodan-reconnaissance` - Shodan searches\n- `top-web-vulnerabilities` - OWASP Top 10\n\n#### Actions\n1. Identify target scope\n2. Gather intelligence\n3. Map attack surface\n4. Identify technologies\n5. Document findings\n\n#### Copy-Paste Prompts\n```\nUse @scanning-tools to perform initial reconnaissance\n```\n\n```\nUse @shodan-reconnaissance to find exposed services\n```\n\n### Phase 2: Vulnerability Scanning\n\n#### Skills to Invoke\n- `vulnerability-scanner` - Vulnerability analysis\n- `security-scanning-security-sast` - Static analysis\n- `security-scanning-security-dependencies` - Dependency scanning\n\n#### Actions\n1. Run automated scanners\n2. Perform static analysis\n3. Scan dependencies\n4. Identify misconfigurations\n5. 
Document vulnerabilities\n\n#### Copy-Paste Prompts\n```\nUse @vulnerability-scanner to scan for OWASP Top 10 vulnerabilities\n```\n\n```\nUse @security-scanning-security-dependencies to audit dependencies\n```\n\n### Phase 3: Web Application Testing\n\n#### Skills to Invoke\n- `top-web-vulnerabilities` - OWASP vulnerabilities\n- `sql-injection-testing` - SQL injection\n- `xss-html-injection` - XSS testing\n- `broken-authentication` - Authentication testing\n- `idor-testing` - IDOR testing\n- `file-path-traversal` - Path traversal\n- `burp-suite-testing` - Burp Suite testing\n\n#### Actions\n1. Test for injection flaws\n2. Test authentication mechanisms\n3. Test session management\n4. Test access controls\n5. Test input validation\n6. Test security headers\n\n#### Copy-Paste Prompts\n```\nUse @sql-injection-testing to test for SQL injection vulnerabilities\n```\n\n```\nUse @xss-html-injection to test for cross-site scripting\n```\n\n```\nUse @broken-authentication to test authentication security\n```\n\n### Phase 4: API Security Testing\n\n#### Skills to Invoke\n- `api-fuzzing-bug-bounty` - API fuzzing\n- `api-security-best-practices` - API security\n\n#### Actions\n1. Enumerate API endpoints\n2. Test authentication/authorization\n3. Test rate limiting\n4. Test input validation\n5. Test error handling\n6. Document API vulnerabilities\n\n#### Copy-Paste Prompts\n```\nUse @api-fuzzing-bug-bounty to fuzz API endpoints\n```\n\n### Phase 5: Penetration Testing\n\n#### Skills to Invoke\n- `pentest-commands` - Penetration testing commands\n- `pentest-checklist` - Pentest planning\n- `ethical-hacking-methodology` - Ethical hacking\n- `metasploit-framework` - Metasploit\n\n#### Actions\n1. Plan penetration test\n2. Execute attack scenarios\n3. Exploit vulnerabilities\n4. Document proof of concept\n5. 
Assess impact\n\n#### Copy-Paste Prompts\n```\nUse @pentest-checklist to plan penetration test\n```\n\n```\nUse @pentest-commands to execute penetration testing\n```\n\n### Phase 6: Security Hardening\n\n#### Skills to Invoke\n- `security-scanning-security-hardening` - Security hardening\n- `auth-implementation-patterns` - Authentication\n- `api-security-best-practices` - API security\n\n#### Actions\n1. Implement security controls\n2. Configure security headers\n3. Set up authentication\n4. Implement authorization\n5. Configure logging\n6. Apply patches\n\n#### Copy-Paste Prompts\n```\nUse @security-scanning-security-hardening to harden application security\n```\n\n### Phase 7: Reporting\n\n#### Skills to Invoke\n- `reporting-standards` - Security reporting\n\n#### Actions\n1. Document findings\n2. Assess risk levels\n3. Provide remediation steps\n4. Create executive summary\n5. Generate technical report\n\n## Security Testing Checklist\n\n### OWASP Top 10\n- [ ] Injection (SQL, NoSQL, OS, LDAP)\n- [ ] Broken Authentication\n- [ ] Sensitive Data Exposure\n- [ ] XML External Entities (XXE)\n- [ ] Broken Access Control\n- [ ] Security Misconfiguration\n- [ ] Cross-Site Scripting (XSS)\n- [ ] Insecure Deserialization\n- [ ] Using Components with Known Vulnerabilities\n- [ ] Insufficient Logging & Monitoring\n\n### API Security\n- [ ] Authentication mechanisms\n- [ ] Authorization checks\n- [ ] Rate limiting\n- [ ] Input validation\n- [ ] Error handling\n- [ ] Security headers\n\n## Quality Gates\n\n- [ ] All planned tests executed\n- [ ] Vulnerabilities documented\n- [ ] Proof of concepts captured\n- [ ] Risk assessments completed\n- [ ] Remediation steps provided\n- [ ] Report generated\n\n## Related Workflow Bundles\n\n- `development` - Secure development practices\n- `wordpress` - WordPress security\n- `cloud-devops` - Cloud security\n- `testing-qa` - Security testing\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described 
above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["security","audit","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-security-audit","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/security-audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34583 github stars · SKILL.md body (5,231 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T18:52:12.027Z","embedding":null,"createdAt":"2026-04-18T21:44:03.059Z","updatedAt":"2026-04-22T18:52:12.027Z","lastSeenAt":"2026-04-22T18:52:12.027Z","prices":[{"id":"f80b37c4-35d9-409a-90f5-fa13cd7c29fe","listingId":"fea883a3-9d28-409a-840e-b9b6fcf62022","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:44:03.059Z"}],"sources":[{"listingId":"fea883a3-9d28-409a-840e-b9b6fcf62022","source":"github","sourceId":"sickn33/antigravity-awesome-skills/security-audit","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security-audit","isPrimary":false,"firstSeenAt":"2026-04-18T21:44:03.059Z","lastSeenAt":"2026-04-22T18:52:12.027Z"}],"details":{"listingId":"fea883a3-9d28-409a-840e-b9b6fcf62022","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"security-audit","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34583,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemin
i-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"d58639c0772eec3ae8f566c4ad3f0123a58f9e7e","skill_md_path":"skills/security-audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security-audit"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"security-audit","description":"Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/security-audit"},"updatedAt":"2026-04-22T18:52:12.027Z"}}