llm-security/commands/audit.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

50 lines
1.8 KiB
Markdown

---
name: security:audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
allowed-tools: Read, Glob, Grep, Bash, Agent
model: sonnet
---
# /security audit
Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.
## Step 1: Run Posture Scanner
Run the deterministic posture scanner first for instant category results:
```
node <this plugin's scanners/posture-scanner.mjs> [cwd]
```
Parse JSON output. Record: grade, risk score, all category statuses, all findings.
## Step 2: Gather Context
1. Read `CLAUDE.md` for project name and type
2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
3. Determine: has skills/commands? has MCP servers?
## Step 3: Skill Scan (if commands/agents found)
Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:
> Scan all commands/ and agents/ at [cwd].
> Read: \<plugin-root\>/knowledge/skill-threat-patterns.md
> Return findings: file, issue, severity, OWASP ref.
## Step 4: MCP Scan (if MCP servers found)
After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:
> Audit MCP configs at [cwd]. Read: \<plugin-root\>/knowledge/mcp-threat-patterns.md
> Return trust table and findings with severity.
## Step 5: Generate Report
Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline.
Recalculate `risk_score = min(100, critical*25 + high*10 + medium*4 + low*1)` including agent findings.
Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).
Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.