/security-audit
High confidence · Updated 25 Apr 2026 by David Olsson
Deep, multi-dimensional security audit with six parallel agents. Produces an overall posture score and remediation plan.
Trigger: security audit, security review, vulnerability assessment, OWASP audit, is this secure, auth audit, security posture
Output: docs/04-security-audit/
Reports: 8 (00–07) · Self-contained (6 agents)
Reports
| # | File | What it covers |
|---|---|---|
| 00 | 00-executive-summary.md | Overall posture score, top findings, remediation priorities |
| 01 | 01-authentication.md | Auth flows, sessions, tokens, OAuth, password reset |
| 02 | 02-api-data.md | Endpoint security, input validation, data protection, injection |
| 03 | 03-infrastructure.md | Hosting, deployment, network, headers, TLS, CI/CD |
| 04 | 04-protocol.md | MCP, GraphQL, WebSocket, RSS — protocol-specific vectors |
| 05 | 05-abuse-prevention.md | Rate limiting, brute force, spam, enumeration, resource exhaustion |
| 06 | 06-owasp-best-practices.md | OWASP Top 10 compliance, pass/fail per category |
| 07 | 07-privacy-compliance.md | GDPR/privacy (optional, generated if PII handling detected) |
Workflow
- Reconnaissance: scan codebase, identify auth model, API surface, infrastructure, protocols in use
- Six agents launch in parallel, each examining one attack surface
- Executive summary synthesizes all findings with posture score
Distinct from /code-audit
/code-audit includes a security pillar as one of its five auditors. /security-audit is a dedicated, deep review in which all six agents focus exclusively on security. Run both when you want both a code-health review and a deep security review.