qual-security
Domain: qual · Model class: cheap
Description
Use this skill when the user wants to review code for security vulnerabilities, secret exposure, and unsafe patterns. Triggers include “find security issues in my code”, “security code review”, “check for vulnerabilities”. Do NOT use when the goal is to design secure architecture (use core-security-design).
Purpose
Reviewing code for security vulnerabilities, secret exposure, and unsafe patterns. This skill provides structured guidance, references, and worked examples to help produce high-quality, actionable outputs.
Trigger Phrases
- “find security issues in my code”
- “security code review”
- “check for vulnerabilities”
- “find hardcoded secrets”
- “OWASP review”
Anti-Triggers
- design secure architecture (use core-security-design)
- harden against prompt injection (use gov-prompt-injection-hardening)
Intake Questions
- What is the user’s goal and current state?
- What constraints (time, team, compliance) apply?
- Are there existing artifacts (specs, code, benchmarks) to reference?
Output Contract
- quality findings
- evidence-grounded issues
- prioritized fixes
- verification guidance
Related Skills
qual-code-analysis · arch-security · gov-prompt-injection-hardening