securityAuditor

Security review of code or config — injection, auth, secrets, crypto, SSRF, supply chain, LLM-specific risks.

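import { securityAuditor } from '@agentskit/skills'

// createRuntime and adapter come from your existing runtime setup (not shown on this page).
const runtime = createRuntime({
  adapter,
  // Register the skill with the runtime.
  skills: [securityAuditor],
})

// Ask for a security review of a specific change.
await runtime.run('Audit the diff on PR #123.')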

What it covers

  • Authn / authz boundaries.
  • Injection — SQL / NoSQL / command / LDAP / template / prompt injection in LLM-fed content.
  • Secrets in code, logs, client bundles, error messages.
  • Crypto — weak hashing, password compare timing leaks, predictable randomness.
  • Network — SSRF on user-supplied URLs, XXE, missing TLS verification.
  • Supply chain — postinstall scripts, typosquats, lockfile drift.
  • LLM-specific — untrusted instructions in tool output / RAG context, sandbox escapes, jailbreak surfaces.

Output

Severity ladder: critical · high · medium · low · info. Every finding cites a real file:line, names the exploit, and proposes a concrete fix.
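
One way to hold findings to this contract before acting on them, as an added example that is not code from this page or from the project. It assumes findings have been collected into objects of the hypothetical shape {severity, file, line, exploit, fix} and that the reviewed files are available as a path-to-content map; checkFinding, triage and failAt are illustrative names.

```javascript
// Added example: the finding shape {severity, file, line, exploit, fix} is an
// assumption; the page does not define a structured output format.
const LADDER = ['critical', 'high', 'medium', 'low', 'info'] // order from the page

// Returns a list of problems with one finding; empty means it meets the contract.
function checkFinding(f, files) {
  const problems = []
  if (!LADDER.includes(f.severity)) problems.push(`unknown severity "${f.severity}"`)
  const src = Object.prototype.hasOwnProperty.call(files, f.file) ? files[f.file] : undefined
  if (src === undefined) {
    problems.push(`cited file not in reviewed set: ${f.file}`)
  } else {
    const lineCount = src.split('\n').length
    if (!Number.isInteger(f.line) || f.line < 1 || f.line > lineCount) {
      problems.push(`cited line ${f.line} outside ${f.file} (1-${lineCount})`)
    }
  }
  for (const key of ['exploit', 'fix']) {
    if (typeof f[key] !== 'string' || f[key].trim() === '') problems.push(`missing ${key}`)
  }
  return problems
}

// Splits findings into accepted/rejected; failAt is the least severe level that still blocks.
function triage(findings, files, failAt = 'high') {
  const accepted = []
  const rejected = []
  for (const f of findings) {
    const problems = checkFinding(f, files)
    if (problems.length) rejected.push({ finding: f, problems })
    else accepted.push(f)
  }
  accepted.sort((a, b) => LADDER.indexOf(a.severity) - LADDER.indexOf(b.severity))
  const blocking = accepted.filter(f => LADDER.indexOf(f.severity) <= LADDER.indexOf(failAt))
  return { accepted, rejected, blocking, fail: blocking.length > 0 }
}

// Constructed sample input: two files and three findings, one citing a line that does not exist.
const sampleFiles = {
  'src/login.js': 'const ok = token === expected\nreturn ok',
  'src/fetch.js': 'const res = await fetch(req.query.url)',
}
const sampleFindings = [
  { severity: 'medium', file: 'src/login.js', line: 1, exploit: 'timing leak in token compare', fix: 'use crypto.timingSafeEqual' },
  { severity: 'high', file: 'src/fetch.js', line: 1, exploit: 'SSRF on user-supplied URL', fix: 'allowlist destination hosts' },
  { severity: 'critical', file: 'src/login.js', line: 40, exploit: 'hardcoded secret', fix: 'load from env' },
]
const sampleResult = triage(sampleFindings, sampleFiles)
console.log(JSON.stringify(sampleResult, null, 2))
```

Rejected findings are returned rather than dropped, so a finding whose citation does not resolve can go to a human instead of silently passing or failing the gate.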

vs. prReviewer and codeReviewer

  • prReviewer enforces project-Manifesto rules.
  • codeReviewer is general-purpose code quality.
  • securityAuditor is only security. Use it alongside the others, not instead of them.