---
name: security:audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
allowed-tools: Read, Glob, Grep, Bash, Agent
model: sonnet
---

# /security audit

Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.

## Step 1: Run Posture Scanner

Run the deterministic posture scanner first for instant category results:

```
node [cwd]
```

Parse JSON output. Record: grade, risk score, all category statuses, all findings.

## Step 2: Gather Context

1. Read `CLAUDE.md` for project name and type
2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
3. Determine: has skills/commands? has MCP servers?

## Step 3: Skill Scan (if commands/agents found)

Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:

> Scan all commands/ and agents/ at [cwd].
> Read: \/knowledge/skill-threat-patterns.md
> Return findings: file, issue, severity, OWASP ref.

## Step 4: MCP Scan (if MCP servers found)

After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:

> Audit MCP configs at [cwd]. Read: \/knowledge/mcp-threat-patterns.md
> Return trust table and findings with severity.

## Step 5: Generate Report

Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline. Recalculate `risk_score = riskScore(counts)` (severity-dominated v2 model — see `scanners/lib/severity.mjs`) including agent findings.

Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).

Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.
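
The context discovery in Step 2, which decides whether Steps 3 and 4 run, written out as an added Node.js example; it is not part of the plugin's own code. The names `gatherContext`, `findMcpConfigs`, `listMarkdown`, `buildSampleProject` and the skipped-directory list are assumptions, and the sample project is constructed in a temp directory.

```javascript
const fs = require("node:fs");
const path = require("node:path");
const os = require("node:os");
const SKIP_DIRS = new Set(["node_modules", ".git"]); // skipped dirs (assumption)

// Mirror `commands/*.md` and `agents/*.md`: markdown files directly in <dir>.
function listMarkdown(root, dir) {
  const full = path.join(root, dir);
  if (!fs.existsSync(full)) return [];
  return fs.readdirSync(full, { withFileTypes: true })
    .filter((e) => e.isFile() && e.name.endsWith(".md"))
    .map((e) => path.join(dir, e.name)).sort();
}

// Mirror `.mcp.json` and `**/.mcp.json`: every MCP config under the project.
function findMcpConfigs(root, rel = "") {
  const found = [];
  for (const e of fs.readdirSync(path.join(root, rel), { withFileTypes: true })) {
    const child = path.join(rel, e.name);
    if (e.isSymbolicLink()) continue; // never follow links out of the project
    if (e.isDirectory() && !SKIP_DIRS.has(e.name)) found.push(...findMcpConfigs(root, child));
    else if (e.isFile() && e.name === ".mcp.json") found.push(child);
  }
  return found.sort();
}

// Decide which optional scans (Steps 3 and 4) the audit should run.
function gatherContext(root) {
  const [commands, agents] = ["commands", "agents"].map((d) => listMarkdown(root, d));
  const mcpConfigs = findMcpConfigs(root);
  return {
    commands, agents, mcpConfigs,
    hasPluginManifest: fs.existsSync(path.join(root, ".claude-plugin", "plugin.json")),
    runSkillScan: commands.length + agents.length > 0, // gates Step 3
    runMcpScan: mcpConfigs.length > 0,                 // gates Step 4
  };
}

// Constructed sample project (temp dir) to exercise gatherContext().
function buildSampleProject() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "audit-ctx-"));
  const files = ["commands/audit.md", "commands/notes.txt", "tools/srv/.mcp.json",
    "node_modules/dep/.mcp.json", ".claude-plugin/plugin.json"];
  for (const f of files) {
    fs.mkdirSync(path.join(root, path.dirname(f)), { recursive: true });
    fs.writeFileSync(path.join(root, f), "{}");
  }
  return root;
}
```

Calling `gatherContext(buildSampleProject())` reports one command file, no agents, and one MCP config, so both optional scans would run.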