ai-factory.security-checklist
Provides a comprehensive security audit checklist based on OWASP Top 10, ensuring secure coding practices before deployment.
Security score
The ai-factory.security-checklist skill was audited on Mar 1, 2026 and we found 15 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.
Security Issues

| Finding | Line | Code |
|---|---|---|
| Direct command execution function call | 208 | `` exec(`convert ${userFilename} output.png`); `` |
| Template literal with variable interpolation in command context | 157 | `` const query = `SELECT * FROM users WHERE id = ${userId}`; `` |
| Template literal with variable interpolation in command context | 160 | `` const query = `SELECT * FROM users WHERE email = '${email}'`; `` |
| Template literal with variable interpolation in command context | 208 | `` exec(`convert ${userFilename} output.png`); `` |
| Template literal with variable interpolation in command context | 346 | `` console.log(`Connecting with password: ${password}`); `` |
| Template literal with variable interpolation in command context | 349 | `` throw new Error(`DB connection failed: ${connectionString}`); `` |
| Destructive rm -rf command | 209 | `// Attack: filename = "; rm -rf /"` |
| Fetch to external URL | 313 | `fetch('/api/action', {` |
| Access to hidden dotfiles in home directory | 28 | `bash ~/.claude/skills/security-checklist/scripts/audit.sh` |
| Access to .env file | 33 | `- .env tracked in git` |
| Access to .env file | 117 | `secret: process.env.SESSION_SECRET,` |
| Access to .env file | 343 | `.env committed to repository` |
| Access to .env file | 355 | `- [ ] .env in .gitignore` |
| Access to .env file | 370 | `bfg --delete-files .env` |
| External URL reference | 281 | `"connect-src 'self' https://api.example.com",` |
Install this skill with one command
/learn @spraby/security-checklist