Scans code for security vulnerabilities including SQL injection, XSS, hardcoded secrets, insecure authentication, and missing input validation. Returns structured security issue reports with file paths, line numbers, and remediation steps.
```
/plugin marketplace add lexicalninja/my-little-scrum-team
/plugin install my-little-scrum-team@patricks-plugins
```

This skill inherits all available tools. When active, it can use any tool Claude has access to.
Input: Hardcoded API key in source code

Output:
### SEC-001
- **File**: `config.js`
- **Lines**: 12
- **Priority**: Must-Fix
- **Issue**: Hardcoded API key exposed in source code
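- **Current Code**:
```javascript
const API_KEY = "sk_live_1234567890abcdef";
```
- **Remediation**:
```javascript
// Read the key from the environment and fail fast if it is missing.
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
  throw new Error("API_KEY environment variable not set");
}
```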
## Security Issues to Detect
- **SQL Injection**: Unparameterized database queries
- **XSS Vulnerabilities**: Unsanitized user input in HTML
- **Hardcoded Secrets**: API keys, passwords, tokens in code
- **Insecure Authentication**: Weak password requirements, missing 2FA
- **Missing Input Validation**: Unvalidated user input
- **Insecure Dependencies**: Outdated packages with known vulnerabilities
- **CSRF Vulnerabilities**: Missing CSRF tokens
- **Insecure File Uploads**: Unvalidated file types/sizes
- **Path Traversal**: Unvalidated file paths
- **Insecure Random**: Weak random number generation
- **Information Disclosure**: Error messages exposing sensitive data
- **Missing HTTPS**: Insecure communication protocols
## Priority Guidelines
- **Must-Fix**: Critical vulnerabilities (SQL injection, XSS, exposed secrets)
- **Should-Fix**: High-risk vulnerabilities (missing validation, insecure auth)
- **Nice-to-Have**: Medium-risk issues (dependency updates, minor improvements)
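
A line-based check for two of the Must-Fix categories above (hardcoded secrets and unparameterized SQL) that emits findings in the SEC-NNN layout of the example output. This is an added example, not the skill's own code; the rule patterns, the function names `scan`, `redact` and `report`, and the sample input are constructed for illustration.

```javascript
// Added example: rule patterns, function names and sample input are constructed.
const RULES = [
  { category: "Hardcoded Secrets", priority: "Must-Fix",
    issue: "Hardcoded credential in source code",
    // secret-like identifier assigned a quoted literal of 8+ characters
    pattern: /\b\w*(?:api_?key|secret|token|password)\w*\s*[:=]\s*(["'])[^"']{8,}\1/i },
  { category: "SQL Injection", priority: "Must-Fix",
    issue: "SQL statement built by concatenation or interpolation",
    // SQL keyword followed by a closing quote plus "+", or by "${"
    pattern: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*?(?:["']\s*\+|\$\{)/i },
];
// Mask the quoted literal so the report does not copy the secret elsewhere.
function redact(line) {
  return line.replace(/(["'])([^"']{4})[^"']{4,}\1/, "$1$2****$1");
}

// Scan one file's text; returns findings with 1-based line numbers.
function scan(file, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (!rule.pattern.test(text)) continue;
      const code = rule.category === "Hardcoded Secrets" ? redact(text) : text;
      findings.push({ file, line: i + 1, ...rule, code: code.trim() });
    }
  });
  return findings;
}

// Render findings in the SEC-NNN layout of the example output above.
function report(findings) {
  return findings.map((f, n) => [
    `### SEC-${String(n + 1).padStart(3, "0")}`,
    `- **File**: \`${f.file}\``,
    `- **Lines**: ${f.line}`,
    `- **Priority**: ${f.priority}`,
    `- **Issue**: ${f.issue}`,
    `- **Current Code**: \`${f.code}\``,
  ].join("\n")).join("\n\n");
}

// Constructed sample input.
const SAMPLE = [
  'const API_KEY = "sk_live_1234567890abcdef";',
  "const TOKEN = process.env.TOKEN;",
  'db.query("SELECT * FROM users WHERE id = " + req.params.id);',
  'db.query("SELECT * FROM users WHERE id = ?", [req.params.id]);',
].join("\n");
console.log(report(scan("config.js", SAMPLE)));
```

The environment lookup on line 2 and the parameterized query on line 4 of the sample produce no finding, and the secret literal is masked before it reaches the report.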