Claude Skills Library · /security-audit · 16 Apr 2026 · David Olsson

/security-audit

#reference #pipeline #security


Deep, multi-dimensional security audit with six parallel agents. Produces an overall posture score and remediation plan.

Trigger: "security audit", "security review", "vulnerability assessment", "OWASP audit", "is this secure", "auth audit", "security posture"
Output: docs/04-security-audit/
Reports: 8 (00–07) · Self-contained (6 agents)

Reports

| #  | File                         | What it covers |
|----|------------------------------|----------------|
| 00 | 00-executive-summary.md      | Overall posture score, top findings, remediation priorities |
| 01 | 01-authentication.md         | Auth flows, sessions, tokens, OAuth, password reset |
| 02 | 02-api-data.md               | Endpoint security, input validation, data protection, injection |
| 03 | 03-infrastructure.md         | Hosting, deployment, network, headers, TLS, CI/CD |
| 04 | 04-protocol.md               | MCP, GraphQL, WebSocket, RSS — protocol-specific vectors |
| 05 | 05-abuse-prevention.md       | Rate limiting, brute force, spam, enumeration, resource exhaustion |
| 06 | 06-owasp-best-practices.md   | OWASP Top 10 compliance, pass/fail per category |
| 07 | 07-privacy-compliance.md     | GDPR/privacy (optional, generated if PII handling detected) |

Output Tree

docs/04-security-audit/
├── 00-executive-summary.md
├── 01-authentication.md
├── 02-api-data.md
├── 03-infrastructure.md
├── 04-protocol.md
├── 05-abuse-prevention.md
├── 06-owasp-best-practices.md
└── 07-privacy-compliance.md        # optional

Workflow

  1. Reconnaissance: scan codebase, identify auth model, API surface, infrastructure, protocols in use
  2. Six agents launch in parallel, each examining one attack surface
  3. Executive summary synthesizes all findings with posture score

Distinct from /code-audit

The /code-audit pipeline includes a security pillar (one of five auditors). This /security-audit is a dedicated, deep review with six agents focused exclusively on security. Run both if you want code health AND deep security.

Integration

  • Reads from: project-scanner output; existing doc-suite if available
  • Pairs with: /code-audit for complete health picture
  • Feeds into: /moat-audit references security posture

Use Cases

