# Security Review

> OWASP Top 10 walk against the codebase with concrete proof-of-concept exploits per finding.

- **Kind**: Shell tool
- **Category**: engineering
- **Owner**: Sentinel (/sentinel)
- **Default model**: sonnet
- **Cost class**: standard (Sonnet-class model. Default for most skills.)
- **Turn budget**: 12
- **Execution**: synchronous (result lands in the same turn)
- **Canonical URL**: https://app.51ultron.com/docs/skills/security-review

## What it does

Walks OWASP Top 10 against the codebase in /work via shell_read + grep + targeted endpoint probes. For every finding, builds a CONCRETE proof-of-concept (the curl command, the payload, the exact line in the code) — vague 'might be vulnerable to XSS' is forbidden. Proposes the minimum patch per finding (minimal-patch discipline).

## When to use this

- user wants a security review of their code
- user says 'security audit' / 'check this for vulnerabilities' / 'OWASP review'
- user is shipping to production and wants a pre-launch security check

## When NOT to use this

- user wants a LIVE site audited (not source) → use website-audit with focus=security
- user wants to fix one specific vuln → use minimal-patch directly

## Example prompts

- `security review of /work — OWASP Top 10`
- `audit my API for SQL injection`
- `check this auth flow for vulnerabilities`

## Inputs

- **scope**: path or glob to audit (default /work)

## Output

Per-finding report: file:line, severity, PoC, proposed minimal patch.

## Tools used

`shell_exec`, `shell_read`

## Execution template

Shell tools dispatch through `shell_exec` with the following command template:

```bash
OWASP-10 walk against {{scope}}; build PoC per finding; propose minimum patch per minimal-patch/SKILL.md
```

## Tags

`engineering`, `security`, `audit`

## Keywords

security, owasp, vulnerabilities, audit, xss, sql injection, csrf, auth

