
Security Audit

Rodolphe G. - RORO! edited this page Jul 2, 2026 · 2 revisions

Turns the agent into a security auditor whose job is to find exploitable vulnerabilities with real impact, not theoretical concerns. It orchestrates parallel sub-agents through six phases.

security-audit pipeline

The six phases

  1. Recon: parallel Explore agents map architecture, trust boundaries, and input surfaces into architecture.md.
  2. Hunt: parallel general-purpose agents attack by class (injection, access control, business logic, cryptography, feature abuse, chained attacks, wildcard, obvious things). Each hunter can spawn Explore sub-agents.
  3. Validate: separate Explore agents try to disprove each finding. The agent that validates is never the agent that found it.
  4. Report: writes REPORT.md and FINDINGS-DETAIL.md (traces for MEDIUM and above).
  5. Structured output: writes findings.json against report-schema.json, checked by validate-findings.cjs.
  6. Independent verification: fresh agents recheck every claim against the source.

Severity

Severity is likelihood and impact combined.

  • CRITICAL: unauthenticated RCE, full database dump, admin takeover without credentials.
  • HIGH: authenticated RCE, SQL injection with data exfiltration, stored XSS for all users, auth bypass, a fully defeated permission boundary.
  • MEDIUM: targeted XSS, CSRF with real state change, secret disclosure, limited business-logic bypass.
  • LOW: non-secret info disclosure, DoS needing sustained effort, hardening gaps.

Principles

  • Only report what you can exploit. Every finding needs a concrete attack.
  • Defense-in-depth gaps are hardening notes, not vulnerabilities.
  • Kill false positives hard, but do not kill real findings.
  • Multiple runs improve coverage. A single run finds about half of what several runs find.
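The rules stated for phases 3 and 4 and the first principle can be checked mechanically before a report ships. The following is an added example, not the project's validate-findings.cjs: the field names (id, severity, attack, foundBy, validatedBy, trace) and the sample findings are assumptions constructed for illustration and are not taken from report-schema.json.

```javascript
// Added example. Field names are hypothetical, not the project's schema.
const SEVERITIES = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];

function checkFinding(f) {
  const errors = [];
  const rank = SEVERITIES.indexOf(f.severity);
  if (rank === -1) errors.push(`unknown severity: ${f.severity}`);

  // Principle: every finding needs a concrete attack.
  if (typeof f.attack !== "string" || f.attack.trim() === "") {
    errors.push("no concrete attack described");
  }

  // Phase 3: the agent that validates is never the agent that found it.
  if (!f.validatedBy) {
    errors.push("not validated");
  } else if (f.validatedBy === f.foundBy) {
    errors.push("validated by the agent that found it");
  }

  // Phase 4: traces are required for MEDIUM and above.
  const hasTrace = Array.isArray(f.trace) && f.trace.length > 0;
  if (rank >= SEVERITIES.indexOf("MEDIUM") && !hasTrace) {
    errors.push("missing trace for MEDIUM or above");
  }
  return errors;
}

// Returns { findingId: [errors] } for every finding that breaks a rule.
function checkFindings(findings) {
  const rejected = {};
  for (const f of findings) {
    const errors = checkFinding(f);
    if (errors.length > 0) rejected[f.id] = errors;
  }
  return rejected;
}

// Constructed sample findings (placeholders, not real audit output).
const SAMPLE = [
  { id: "F-001", severity: "HIGH", attack: "steps recorded in trace",
    foundBy: "hunter-injection", validatedBy: "validator-2", trace: ["placeholder.js:10"] },
  { id: "F-002", severity: "MEDIUM", attack: "",
    foundBy: "hunter-access-control", validatedBy: "hunter-access-control", trace: [] },
  { id: "F-003", severity: "LOW", attack: "steps recorded in notes",
    foundBy: "hunter-wildcard", validatedBy: "validator-1" },
  { id: "F-004", severity: "INFO", attack: "steps recorded in notes",
    foundBy: "hunter-crypto", validatedBy: "validator-1", trace: [] },
];
```

Running `checkFindings(SAMPLE)` rejects F-002 (three rule violations) and F-004 (severity outside the four levels) and accepts the other two.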

Files

SKILL.md, RECONNAISSANCE.md, HUNTING.md, ATTACK-CLASSES.md, VALIDATION-AND-REPORTING.md, report-schema.json, validate-findings.cjs.

Based on Cloudflare's security-audit-skill.
