security-review
by dstiliadis
Mandatory security review gate for all code and architecture plans. Triggers on ANY plan, implementation, code generation, architecture design, API design, infrastructure change, deployment configuration, or system modification. Before executing or finalizing ANY plan that produces code, configuration, or infrastructure, run the full security review workflow: threat model, review against security checklist, emulate attack paths agentically, mitigate findings, and pen-test again before delivery. This skill acts as a security-conscious intern with CompTIA Security+ knowledge who reviews every output for authentication, authorization, encryption, logging, input validation, segmentation, privacy, and common vulnerability anti-patterns. Also triggers when the user asks to "review security", "threat model", "harden", "pen test", or "check for vulnerabilities".