Skill Gallery
Back to list
Robotti-io

secure-code-review

by Robotti-io

✨ A customizable copilot-instructions.md ruleset & prompts to guide GitHub Copilot toward secure coding defaults in Java, Node.js, C# and Python. Blocks risky patterns, teaches safe habits.

32🍴 9📅 Jan 14, 2026
appseccopilotgithub-copilotmcpmcp-servermcp-serversprompt-engineeringrulesets
View on GitHubRun in Manus

SKILL.md

name: secure-code-review description: Repeatable process for an application security code review that produces prioritized findings and fix guidance.

Use this skill when asked to review code for security, produce findings, or prepare guidance for remediation.

Inputs to collect (if available)

  • What component(s) are in scope (API, UI, worker, infra scripts)
  • Data sensitivity (PII, auth/session, payments)
  • Deployment assumptions (internet-facing, internal, multi-tenant)
  • Any known incidents, CVEs, or audit requirements

Step-by-step process

  1. Map entry points & trust boundaries
    • Enumerate request handlers, background consumers, file parsers, template renderers, and admin endpoints.
    • Identify where untrusted input crosses into privileged actions or sensitive sinks.
  2. Scan for high-risk classes
    • Injection: SQL/NoSQL/LDAP/OS/template
    • Authn/authz: missing checks, insecure defaults, confused deputy
    • Deserialization & file handling: unsafe loads, path traversal, upload
    • Crypto: homegrown crypto, weak randomness, token validation mistakes
    • Logging: secrets/PII exposure, overly verbose errors
    • SSRF: URL fetchers, webhook validation gaps
  3. Deep-dive the highest impact areas
    • Trace data flow from input → validation → authorization → sink.
    • Look for missing allow-lists, type confusion, and implicit conversions.
  4. Write findings in a consistent format
    • Title, severity, confidence
    • Where (file/function)
    • Risk + prerequisites
    • Repro steps
    • Recommendation + verification steps
  5. Close with a remediation plan
    • Quick wins (hours), medium fixes (days), structural guardrails (weeks).

Output template

Summary

  • Scope reviewed:
  • Top issues:
  • Overall risk: Low / Medium / High / Critical

Findings (repeat)

  • Title
  • Severity / Confidence
  • Where
  • Risk
  • Repro
  • Recommendation
  • Verification

Repo integration (optional)

If this repo includes prompt files under /prompts, the following are commonly relevant:

  • secure-code-review.prompt.md
  • scan-for-insecure-apis.prompt.md
  • validate-input-handling.prompt.md
  • review-auth-flows.prompt.md

Score

Total Score

65/100

Based on repository quality metrics

SKILL.md

SKILL.mdファイルが含まれている

+20
LICENSE

ライセンスが設定されている

0/10
説明文

100文字以上の説明がある

+10
人気

GitHub Stars 100以上

0/15
最近の活動

1ヶ月以内に更新

+10
フォーク

10回以上フォークされている

0/5
Issue管理

オープンIssueが50未満

+5
言語

プログラミング言語が設定されている

+5
タグ

1つ以上のタグが設定されている

+5

Reviews

💬

Reviews coming soon