Procedure for analyzing code or dependencies for vulnerabilities
Rating: 3.7
Installs: 0
Category: Security
A basic security audit skill with clear steps but limited depth. The description is somewhat generic ('analyzing code or dependencies') and doesn't fully convey the npm-specific and manual review aspects. Task knowledge provides a reasonable checklist (npm audit, secret scanning, auth review, injection checks) but lacks specifics on grep patterns, what constitutes critical findings, or how to prioritize issues. Structure is simple and appropriate for the scope. Novelty is low since these are standard commands/checks a CLI agent could perform independently without much difficulty; the skill primarily serves as a checklist rather than encoding complex domain knowledge or tooling integration.