Parallel OWASP Top 10:2025 security review of a web application codebase using 10 specialist agents. Trigger whenever the user asks for a security review, security audit, OWASP review, vulnerability assessment, code security scan, or threat analysis of a web app codebase. Also trigger on mentions of "OWASP Top 10", "security vulnerabilities", "code audit", "AppSec", or requests to check code for injection, XSS, access control, auth, or crypto issues. Trigger for casual requests like "is my code secure?", "check for vulnerabilities", or "any security issues?". Launches 10 parallel agents (one per OWASP category) producing a report with context-sensitive remediations. Secrets found are flagged but always shown as REDACTED.
88
85%
Does it follow best practices?
Impact
92%
1.87x
Average score across 3 eval scenarios
Passed
No known issues
Secrets redaction and finding format compliance
Secrets redacted in findings: 0% / 100%
REDACTED placeholder used: 0% / 100%
Secrets still flagged: 100% / 100%
Finding ID format: 100% / 100%
Finding table fields: 0% / 100%
CWE included: 0% / 100%
Evidence code block: 12% / 62%
Recommended Fix code block: 37% / 37%
File and line citations: 62% / 100%
Framework-specific remediation: 100% / 100%
Report structure and dashboard status derivation
All 7 report sections present: 50% / 100%
Dashboard covers all 10 categories: 100% / 100%
Dashboard FAIL status used correctly: 0% / 100%
Dashboard WARN status used correctly: 0% / 100%
Dashboard PASS status used correctly: 0% / 100%
Overall risk derived correctly: 100% / 100%
Executive summary paragraphs: 0% / 100%
Absence of findings caveat: 0% / 50%
Secrets handling note in scope: 0% / 100%
Remediation Priority Matrix grouping: 37% / 100%
Appendix files reviewed: 0% / 100%
Limitations section present: 33% / 100%
Severity count table in summary: 0% / 100%
Defence in depth remediations and evidence-based findings
No speculative findings: 100% / 83%
Django-specific SQL remediation: 100% / 100%
Django-specific XSS remediation: 0% / 100%
Django-specific password hashing: 100% / 100%
Layered mitigations for injection: 100% / 100%
Layered mitigations for auth: 100% / 100%
YAML unsafe load finding: 100% / 100%
CSRF exemption finding: 100% / 100%
Django settings remediation specificity: 100% / 100%
Secrets redacted in report: 0% / 0%
Secrets flagged as findings: 100% / 100%
99b52ce