---
name: security-audit
description: Perform Security Audit
visibility: public
type: audit
director: CTO
base: audit
url: navigateengine.com/skill/security-audit
---

# Perform Security Audit

## input

A codebase or system that needs a security review.

## process

1. Identify the attack surface: endpoints, auth boundaries, data stores, and every path by which untrusted input crosses them
2. Check each OWASP Top 10 category; mark one N/A only with a reason
3. Trace the auth flow end-to-end: token issuance and validation, session lifecycle, privilege escalation paths
4. Review data handling: where PII is stored and logged, encryption at rest and in transit
5. Review infra and config: env vars, secrets in the repo or build, CORS, CSP
6. Rank findings: CRITICAL/HIGH/MEDIUM/LOW
7. For each finding record evidence (file and line, quoting the code), impact, and remediation; a risk you cannot point to in the code is not a finding

## output

A polished single-file HTML audit report (inline CSS, no external assets) in a black-and-white clinical style. HTML-escape every path and code snippet quoted from the codebase so the report itself cannot carry injected markup.

## checks

```json
[
  "Attack surface enumerated",
  "Each OWASP category checked or N/A with reason",
  "Auth flow traced end-to-end",
  "Every finding has file and line",
  "Findings ranked by severity",
  "No theoretical risks without evidence"
]
```
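
The ranking and evidence rules in the process, the single-file HTML output, and the checks above, as an added Python example that is not part of this skill or of the navigateengine.com project: a gate that rejects any finding without file+line and code evidence, a ranker, and a renderer for the black-and-white single-file report. The `Finding` fields, the severity order, the sample findings and the hypothetical `app/` paths are assumptions made for illustration.

```python
# Added example, not part of this skill: gate, rank and render audit findings.
# Finding fields, severity order and the sample findings are assumptions.
from dataclasses import dataclass
from html import escape
from typing import Dict, List, Tuple

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")  # rank order, index 0 most severe


@dataclass
class Finding:
    title: str
    severity: str
    file: str        # evidence: path in the audited codebase
    line: int        # evidence: 1-based line number
    snippet: str     # evidence: the offending code, quoted verbatim
    impact: str
    remediation: str
    owasp: str = "N/A"


def validate(f: Finding) -> List[str]:
    """Return the check failures for one finding; an empty list means it passes."""
    problems = []
    if f.severity not in SEVERITIES:
        problems.append(f"unknown severity {f.severity!r}")
    if not f.file or f.line < 1:
        problems.append("missing file+line evidence")
    if not f.snippet.strip():
        problems.append("no code evidence: theoretical risk, substantiate or drop")
    if not f.impact.strip() or not f.remediation.strip():
        problems.append("impact and remediation are both required")
    return problems


def rank(findings: List[Finding]) -> List[Finding]:
    """CRITICAL first; ties broken by file and line so the order is reproducible."""
    return sorted(findings, key=lambda f: (SEVERITIES.index(f.severity), f.file, f.line))


def gate(findings: List[Finding]) -> Tuple[List[Finding], Dict[str, List[str]]]:
    """Return (ranked findings that pass every check, {title: reasons} for the rest)."""
    accepted, rejected = [], {}
    for f in findings:
        problems = validate(f)
        if problems:
            rejected[f.title] = problems
        else:
            accepted.append(f)
    return rank(accepted), rejected


def render_html(findings: List[Finding], title: str = "Security Audit") -> str:
    """Self-contained black-and-white report, inline CSS only. Every string taken from
    the codebase goes through html.escape so a hostile path or snippet cannot inject
    markup into the report itself."""
    rows = []
    for f in rank(findings):
        rows.append(
            f"<tr><td>{escape(f.severity)}</td><td>{escape(f.title)}</td>"
            f"<td><code>{escape(f.file)}:{f.line}</code></td><td>{escape(f.owasp)}</td></tr>"
            f'<tr><td colspan="4"><pre>{escape(f.snippet)}</pre>'
            f"<p><b>Impact.</b> {escape(f.impact)}</p>"
            f"<p><b>Remediation.</b> {escape(f.remediation)}</p></td></tr>"
        )
    summary = "  ".join(f"{s}: {sum(1 for f in findings if f.severity == s)}" for s in SEVERITIES)
    return (
        '<!doctype html><html><head><meta charset="utf-8">'
        f"<title>{escape(title)}</title>"
        "<style>body{font:14px/1.4 Georgia,serif;color:#000;background:#fff;margin:2em}"
        "table{border-collapse:collapse;width:100%}td{border:1px solid #000;padding:.4em;vertical-align:top}"
        "pre{background:#f4f4f4;padding:.5em;overflow:auto}</style></head><body>"
        f"<h1>{escape(title)}</h1><p>{escape(summary)}</p>"
        "<table><tr><td>Severity</td><td>Finding</td><td>Evidence</td><td>OWASP</td></tr>"
        + "".join(rows) + "</table></body></html>"
    )


# Constructed sample findings for a hypothetical Flask app. The third has no
# evidence and is there to show the gate rejecting a theoretical risk.
SAMPLE = [
    Finding("Debug mode on in the production entrypoint", "MEDIUM",
            "app/main.py", 42, "app.run(debug=True, host='0.0.0.0')",
            "The Werkzeug debugger exposes an interactive console on any unhandled exception.",
            "Read the debug flag from config and leave it off in production.", "A05"),
    Finding("SQL built by string concatenation", "CRITICAL",
            "app/users.py", 87, 'cur.execute("SELECT * FROM users WHERE name = \'" + name + "\'")',
            "Attacker-controlled name reaches the query; the whole users table is readable.",
            "Use a parameterised query: cur.execute('... WHERE name = %s', (name,)).", "A03"),
    Finding("Possible race in token refresh", "LOW", "", 0, "",
            "Might allow token reuse.", "Add locking.", "A07"),
]

if __name__ == "__main__":
    accepted, rejected = gate(SAMPLE)
    for title, why in rejected.items():
        print(f"REJECTED {title}: {'; '.join(why)}")
    with open("audit-report.html", "w", encoding="utf-8") as fh:
        fh.write(render_html(accepted))
```

Run it as a script and it writes `audit-report.html` for the two evidenced findings, CRITICAL first, and prints why the unevidenced one was dropped. `gate` is the enforcement point for the last three checks; `render_html` escapes every codebase-derived string because file names and snippets in a report are attacker-influenced input.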
