workflow-security-audit skill

This skill performs comprehensive security audits across threat assessment, scanning, review, and remediation to identify risks and prioritize fixes.

npx playbooks add skill nickcrew/claude-cortex --skill workflow-security-audit

SKILL.md
---
name: workflow-security-audit
description: Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
---

# Security Audit Workflow

Comprehensive security assessment process.

## Phase 1: Threat Assessment
**Agents:** `security-auditor`

Scope:
- Authentication & authorization
- Data protection
- API security
- Dependency vulnerabilities
- Infrastructure security

**Output:** Threat model, risk assessment, priority list

## Phase 2: Automated Scanning
**Agents:** `security-auditor`

Tools to run:
- Dependency check (npm audit, pip-audit, cargo audit)
- Static analysis (semgrep, bandit, etc.)
- Secret scanning (trufflehog, gitleaks)

**Output:** Vulnerability report with severity ratings

## Phase 3: Manual Code Review
**Agents:** `security-auditor`

Focus areas:
- Input validation
- Output encoding
- Authentication logic
- Authorization checks
- Cryptography usage
- Session management

## Phase 4: Penetration Testing
**Agents:** `security-auditor`

Test for:
- SQL injection
- XSS attacks
- CSRF attacks
- Authentication bypass
- Privilege escalation

## Phase 5: Remediation Planning
**Agents:** `requirements-analyst`

- Create fix tasks from vulnerability report
- Prioritize by severity
- Estimate timeline
- Allocate resources

## Phase 6: Fix Implementation

**Blocking:** Validation required before proceeding

## Phase 7: Security Validation
**Agents:** `security-auditor`

- Retest all identified vulnerabilities
- Regression checks
- Verify fixes don't introduce new issues

## Phase 8: Documentation
**Agents:** `technical-writer`

- Security audit report
- Compliance documentation
- Security best practices guide

## Phase 9: Compliance Check
**Agents:** `security-auditor`

Standards:
- OWASP Top 10
- GDPR (if applicable)
- SOC2 (if applicable)
- HIPAA (if applicable)

## Success Criteria
- [ ] All critical vulnerabilities fixed
- [ ] All high vulnerabilities fixed
- [ ] Compliance requirements met
- [ ] Security tests pass

## Severity Levels
| Level | Response Time | Examples |
|-------|---------------|----------|
| Critical | Immediate | RCE, auth bypass, data breach |
| High | 24-48h | SQL injection, privilege escalation |
| Medium | 1 week | XSS, CSRF, information disclosure |
| Low | Next sprint | Best practice violations |
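
The Phase 5 steps, the success criteria and the severity table above, as an added example (not part of SKILL.md or the claude-cortex project): it merges duplicate findings reported by several scanners, assigns due dates from the table, and evaluates the critical/high gate. The normalized finding format, the sample data and the 14-day "Next sprint" window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Response windows from the Severity Levels table. "Immediate" is modelled as
# zero delay and "24-48h" by its upper bound; "Next sprint" has no fixed length
# on the page, so 14 days is an assumption.
SLA = {"critical": timedelta(0), "high": timedelta(hours=48),
       "medium": timedelta(weeks=1), "low": timedelta(days=14)}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass
class Task:
    key: tuple          # (rule, location) identifies one underlying issue
    severity: str
    sources: list       # every scanner that reported this issue
    due: datetime
    fixed: bool = False

def plan(findings, reported_at):
    """Merge duplicate findings across scanners and order them for remediation."""
    tasks = {}
    for f in findings:
        sev = f["severity"].lower()
        if sev not in SLA:
            raise ValueError(f"unknown severity: {f['severity']!r}")
        key = (f["rule"], f["location"])
        t = tasks.get(key)
        if t is None:
            tasks[key] = Task(key, sev, [f["tool"]], reported_at + SLA[sev])
        else:
            t.sources.append(f["tool"])
            if RANK[sev] < RANK[t.severity]:   # keep the worst rating reported
                t.severity, t.due = sev, reported_at + SLA[sev]
    return sorted(tasks.values(), key=lambda t: (RANK[t.severity], t.due))

def gate(tasks):
    """Success criteria: no open critical or high task may remain."""
    blocking = [t for t in tasks if not t.fixed and RANK[t.severity] <= 1]
    return (not blocking, blocking)

# Constructed sample findings in a hypothetical normalized format.
SAMPLE = [
    {"tool": "semgrep", "rule": "sql-injection", "location": "app/db.py:41", "severity": "High"},
    {"tool": "bandit", "rule": "sql-injection", "location": "app/db.py:41", "severity": "Medium"},
    {"tool": "gitleaks", "rule": "hardcoded-secret", "location": "config.py:7", "severity": "Critical"},
    {"tool": "pip-audit", "rule": "outdated-dependency", "location": "requirements.txt:3", "severity": "Low"},
]
```

Calling `gate(plan(SAMPLE, datetime.now()))` returns `False` with two blocking tasks until the critical and high items are marked fixed.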

Overview

This skill performs a comprehensive security assessment and remediation workflow for applications and infrastructure. It combines automated scanning, manual code review, penetration testing, and compliance checks to produce prioritized remediation plans. The goal is to reduce risk, meet compliance targets, and verify fixes through validation and documentation.

How this skill works

The workflow runs threat modeling and automated scans (dependency checks, static analysis, secret scanning) to generate a vulnerability report with severity ratings. It then directs manual code review and penetration testing for high-risk findings, creates prioritized remediation tasks, and enforces validation before changes are merged. Finally, it produces audit documentation and verifies compliance against standards like OWASP Top 10, GDPR, SOC2, or HIPAA where applicable.

When to use it

  • Before major releases or architecture changes to uncover regressions and new risks
  • During compliance audits or when preparing for SOC2/GDPR/HIPAA assessments
  • When third-party dependencies or supply-chain risk increases
  • After security incidents to validate fixes and prevent recurrence
  • As part of regular security hygiene: quarterly or sprint-based reviews

Best practices

  • Prioritize fixes by severity and exploitability: critical first, then high
  • Combine automated scanners with focused manual reviews for logic and crypto issues
  • Require validation (retesting and regression checks) before closing tickets
  • Document findings, remediation rationale, and compliance evidence for audits
  • Automate recurring scans in CI/CD and maintain an up-to-date dependency policy

Example use cases

  • Run a full audit for a Python web app: dependency audit, bandit/semgrep scans, targeted manual review of auth flows
  • Prepare compliance documentation and evidence for a SOC2 audit
  • Triage and fix results from pip-audit and secret scanners after a supply-chain update
  • Conduct penetration testing focused on SQLi, XSS, CSRF, and auth bypass scenarios
  • Turn a vulnerability report into prioritized backlog items with time and resource estimates

FAQ

What standards does the workflow check against?

Primary references include OWASP Top 10 and, when applicable, GDPR, SOC2, and HIPAA. The workflow maps findings to these standards for compliance evidence.

How are vulnerabilities prioritized?

Findings are rated by severity (Critical, High, Medium, Low) and prioritized based on impact and exploitability. Critical and high issues receive immediate attention.