Skip to content

Reword security audit guidance for defensive remediation#1

Merged
shadcn merged 3 commits into
shadcn:mainfrom
beastawakens:reword-security-audit-guidance
Jun 12, 2026
Merged

Reword security audit guidance for defensive remediation#1
shadcn merged 3 commits into
shadcn:mainfrom
beastawakens:reword-security-audit-guidance

Conversation

@beastawakens

Copy link
Copy Markdown
Contributor

This updates the security section of the audit playbook to use more explicitly defensive, remediation-focused language.

The intent is to preserve the same review coverage while making the instructions friendlier to stricter safety-routed models that may treat vulnerability-investigation phrasing as higher risk. The revised wording asks agents to:

  • report only code-evidenced findings
  • avoid runnable demonstration strings or step-by-step misuse details
  • keep findings focused on production impact and remediation
  • continue protecting secrets by referencing only credential type and location
  • distinguish platform conventions from implementation-specific risk

This should make the skill more reliable with stricter models while keeping security improvement work practical and actionable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants