$security-review
A skill that reviews security vulnerabilities and trust boundaries.
Overview
$security-review hands code to the security-reviewer agent for a security-focused pass. It hunts for vulnerabilities, probes trust boundaries, traces how authentication and authorization actually flow, and checks whether input is validated before it's trusted. The lens is threats. General code quality isn't its concern.
Example
$security-review
$security-review "security review the auth middleware changes"
$security-review "review the entire payment processing module"Running without arguments reviews the current changes (based on git diff).
When to use
- After changing authentication or authorization logic
- When code that handles external input is added or changed
- After implementing payment, personal data, or permission-related features
- When you need a pre-check before a security audit
When to avoid
- General code quality review → use
$review - Build or type errors → use
$build-fix - Refactoring unrelated to security →
$reviewis sufficient
Related agent
- security-reviewer — detailed description of the agent this skill delegates to
- $review — general code review outside of security