Skills

Security audit

Perform a passive, non-destructive application and supply-chain security review.

Install

npx sills-audit-security install

Use

$sills-audit-security Audit this project.

What it inspects

Threat boundaries, auth, sessions, authorization, input handling, APIs, secrets, headers, dependencies, GitHub Actions, npm publishing, business logic, and iOS security.

What it gives you

A dated human-readable report, structured JSON, coverage inventory, evidence, positive findings, limitations, prioritised recommendations, verification instructions, and remediation handoff.

Modes

Source, runtime, full, changed, CI, and verification modes are supported where the environment permits. Quick, standard, and deep depth profiles are available.

Safety

The skill does not modify the product. It may write only inside the selected audit directory. Runtime actions are non-destructive and production defaults to observation.

Limitations

The report states which routes, roles, workflows, states, platforms, and tools were not tested. Automated passes are not proof of complete quality or compliance.