Robotti-io

secure-code-review

by Robotti-io

✨ A customizable copilot-instructions.md ruleset & prompts to guide GitHub Copilot toward secure coding defaults in Java, Node.js, C# and Python. Blocks risky patterns, teaches safe habits.

32🍴 9📅 January 14, 2026

SKILL.md


name: secure-code-review
description: Repeatable process for an application security code review that produces prioritized findings and fix guidance.

Use this skill when asked to review code for security, produce findings, or prepare guidance for remediation.

Inputs to collect (if available)

  • What component(s) are in scope (API, UI, worker, infra scripts)
  • Data sensitivity (PII, auth/session, payments)
  • Deployment assumptions (internet-facing, internal, multi-tenant)
  • Any known incidents, CVEs, or audit requirements

Step-by-step process

  1. Map entry points & trust boundaries
    • Enumerate request handlers, background consumers, file parsers, template renderers, and admin endpoints.
    • Identify where untrusted input crosses into privileged actions or sensitive sinks.
  2. Scan for high-risk classes
    • Injection: SQL/NoSQL/LDAP/OS/template
    • Authn/authz: missing checks, insecure defaults, confused deputy
    • Deserialization & file handling: unsafe loads, path traversal, upload
    • Crypto: homegrown crypto, weak randomness, token validation mistakes
    • Logging: secrets/PII exposure, overly verbose errors
    • SSRF: URL fetchers, webhook validation gaps
  3. Deep-dive the highest impact areas
    • Trace data flow from input → validation → authorization → sink.
    • Look for missing allow-lists, type confusion, and implicit conversions.
  4. Write findings in a consistent format
    • Title, severity, confidence
    • Where (file/function)
    • Risk + prerequisites
    • Repro steps
    • Recommendation + verification steps
  5. Close with a remediation plan
    • Quick wins (hours), medium fixes (days), structural guardrails (weeks).
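
Steps 2 and 4 above, as an added example (not part of the original SKILL.md or the Robotti-io repository): a Python `ast` pass that flags a few of the high-risk call patterns and emits the Title, Severity / Confidence and Where fields of the finding format, highest severity first. The rule set, the sample source and every function name are assumptions made for illustration.

```python
import ast

# Constructed sample under review (not from the original page or its repository).
SAMPLE = '''
import pickle, subprocess, random
def reset_token():
    return str(random.random())
def load_profile(blob):
    return pickle.loads(blob)
def ping(host):
    return subprocess.run("ping -c1 " + host, shell=True)
'''

# Hypothetical rule set: dotted call name -> (title, severity, confidence).
RULES = {
    "pickle.loads": ("Unsafe deserialization", "High", "Medium"),
    "random.random": ("Weak randomness for security value", "Medium", "Low"),
    "eval": ("Dynamic code evaluation", "High", "Medium"),
}
SHELL_RULE = ("OS command execution with shell=True", "High", "Medium")
ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def dotted(node):
    """Return 'a.b' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Attribute) and (base := dotted(node.value)):
        return f"{base}.{node.attr}"
    return node.id if isinstance(node, ast.Name) else None

def scan(source, filename="sample.py"):
    """Flag risky calls; return findings sorted by severity, then line."""
    tree = ast.parse(source)
    funcs = [n for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name = dotted(call.func) or ""
        # shell=True is a keyword-argument pattern, not a fixed call name.
        shell = any(k.arg == "shell" and getattr(k.value, "value", None) is True for k in call.keywords)
        rule = SHELL_RULE if name.startswith("subprocess.") and shell else RULES.get(name)
        if rule:
            # ast.walk is breadth-first, so the last enclosing def is the innermost.
            owners = [f.name for f in funcs if f.lineno <= call.lineno <= f.end_lineno]
            findings.append({"title": rule[0], "severity": rule[1], "confidence": rule[2], "line": call.lineno,
                             "where": f"{filename}:{call.lineno} ({owners[-1] if owners else '<module>'})"})
    return sorted(findings, key=lambda f: (ORDER[f["severity"]], f["line"]))

def render(f):
    return f"Title: {f['title']}\nSeverity / Confidence: {f['severity']} / {f['confidence']}\nWhere: {f['where']}"

if __name__ == "__main__":
    print("\n\n".join(render(f) for f in scan(SAMPLE)))
```

A pattern match like this only nominates candidates: Risk, Repro, Recommendation and Verification still come from tracing each hit from input to sink as in step 3.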

Output template

Summary

  • Scope reviewed:
  • Top issues:
  • Overall risk: Low / Medium / High / Critical

Findings (repeat)

  • Title
  • Severity / Confidence
  • Where
  • Risk
  • Repro
  • Recommendation
  • Verification

Repo integration (optional)

If this repo includes prompt files under /prompts, the following are commonly relevant:

  • secure-code-review.prompt.md
  • scan-for-insecure-apis.prompt.md
  • validate-input-handling.prompt.md
  • review-auth-flows.prompt.md

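Score

Overall score: 65/100 (evaluation based on repository quality metrics)

  • SKILL.md: includes a SKILL.md file (+20)
  • LICENSE: a license is set (0/10)
  • Description: has a description of 100 characters or more (+10)
  • Popularity: 100 or more GitHub stars (0/15)
  • Recent activity: updated within the last 3 months (+5)
  • Forks: forked 10 or more times (0/5)
  • Issue management: fewer than 50 open issues (+5)
  • Language: a programming language is set (+5)
  • Tags: one or more tags are set (+5)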
