security-audit
by kilogrametz
Comprehensive security audit for web applications and APIs. Performs a full-stack security review covering authentication, authorization, rate limiting, input validation, secrets management, security headers, cost controls (AI/API spend), email abuse prevention, dependency vulnerabilities, and data exposure risks. Produces a severity-ranked report with specific fix recommendations and code examples. Use this skill whenever the user mentions: security audit, security review, penetration test, vulnerability assessment, hardening, "is my app secure", "check for vulnerabilities", "before going live", "production readiness", rate limiting, auth review, API security, or wants to assess the security posture of any web project — even if they just say something like "review my code for security issues" or "what could go wrong if I deploy this". Also trigger for pre-launch checklists that include security concerns.