---
name: security-audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
---

# Security Audit

Full project audit combining deterministic scanning with threat analysis.

## Step 1: Run Posture Scanner

```bash
node /scanners/posture-scanner.mjs
```

Parse JSON: grade A-F, risk score, categories, findings, counts.

## Step 2: Gather Context

Glob for project structure: commands, agents, hooks, skills, MCP configs, CLAUDE.md, settings files. Record what exists.

## Step 3: Skill/Command Analysis

Read `/knowledge/skill-threat-patterns.md` and `/knowledge/secrets-patterns.md`.

Scan all command, agent, hook, and skill files for the 7 threat categories (injection, exfiltration, privilege escalation, scope creep, hidden instructions, toolchain manipulation, persistence). Apply frontmatter analysis, content analysis, and cross-reference checks.

## Step 4: MCP Analysis (if MCP configs found)

Read `/knowledge/mcp-threat-patterns.md`.

Scan MCP server configs for: tool poisoning, hidden instructions, rug pull signals, supply chain risks, permission surface.

## Step 5: Merge and Report

Merge posture scanner findings with threat analysis findings. Recalculate:

`risk_score = min(100, critical*25 + high*10 + medium*4 + low*1)`

Output:

1. **Risk Dashboard** — Grade, risk score, verdict, finding counts
2. **Executive Summary** — Key risks, posture overview
3. **10 Category Sections** — One per OWASP/posture category with PASS/PARTIAL/FAIL and findings
4. **Summary Table** — All findings sorted by severity
5. **Action Items** — Grouped by urgency: IMMEDIATE (critical), HIGH (high), MEDIUM (medium)

If grade C or lower: suggest running `threat-model` for deeper analysis.
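
One way to implement the Step 5 merge, rescoring, severity sort and action-item grouping, as an added example that is not the plugin's own code. The finding fields (`id`, `severity`, `category`, `title`) and the rule of keeping the more severe copy of a duplicate are assumptions; the sample findings are constructed.

```javascript
// Added example: Step 5 merge and rescoring. Finding field names are assumptions.
const WEIGHTS = { critical: 25, high: 10, medium: 4, low: 1 };
const ORDER = ["critical", "high", "medium", "low"];
const URGENCY = { critical: "IMMEDIATE", high: "HIGH", medium: "MEDIUM" };

function mergeFindings(posture, threat) {
  const byKey = new Map();
  for (const f of [...posture, ...threat]) {
    const sev = String(f.severity || "").toLowerCase();
    if (!ORDER.includes(sev)) throw new Error(`unknown severity: ${f.severity}`);
    const key = f.id || `${f.category}|${f.title}`;
    const prev = byKey.get(key);
    // Same finding from both sources: keep the more severe copy (assumed rule), count it once.
    if (!prev || ORDER.indexOf(sev) < ORDER.indexOf(prev.severity)) {
      byKey.set(key, { ...f, severity: sev });
    }
  }
  // Summary table order: most severe first.
  return [...byKey.values()].sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
}

function score(findings) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) counts[f.severity] += 1;
  const raw = ORDER.reduce((sum, s) => sum + counts[s] * WEIGHTS[s], 0);
  return { counts, riskScore: Math.min(100, raw) }; // capped at 100 per the formula
}

function actionItems(findings) {
  const groups = { IMMEDIATE: [], HIGH: [], MEDIUM: [] };
  for (const f of findings) {
    const bucket = URGENCY[f.severity];
    if (bucket) groups[bucket].push(f.title); // low findings get no action bucket
  }
  return groups;
}

// Constructed sample input, not real scanner output.
const posture = [
  { id: "P-1", severity: "high", category: "permissions", title: "Broad tool allowlist" },
  { id: "P-2", severity: "low", category: "logging", title: "No audit log" },
];
const threat = [
  { id: "P-1", severity: "critical", category: "permissions", title: "Broad tool allowlist" },
  { id: "T-1", severity: "medium", category: "mcp", title: "Unpinned MCP server version" },
];
const merged = mergeFindings(posture, threat);
console.log(score(merged), actionItems(merged));
```

Deduplicating before scoring matters because the weights are additive: a finding reported by both the posture scanner and the threat analysis would otherwise be counted twice and inflate the score.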