beginnerSecurity FirstGuild Member

Security Audit for AI-Generated Code

A complete security audit workflow for any AI-generated codebase. Find secrets, vulnerabilities, and misconfigurations before they ship.

Public Skill Preview

Copy the safety prompt now. Unlock the full build workflow with Guild Member.

This page is intentionally public so you can evaluate the workflow before paying. The security scan prompt stays copy-ready for everyone. Guild Member unlocks the full build prompt, packaged workflow, and the deeper implementation guidance behind this skill.

Unlock Guild Member Open the safety starter pack

~30 minutes0 views

Overview

This skill walks you through a comprehensive security audit of any AI-generated codebase. AI coding assistants are incredibly productive, but they routinely introduce security vulnerabilities: hardcoded secrets, missing input validation, exposed API endpoints, insecure defaults, and more. You'll learn to: - Scan for hardcoded secrets and API keys using automated tools - Check for common OWASP Top 10 vulnerabilities - Validate authentication and authorization patterns - Review database access patterns and RLS policies - Audit dependency trees for known vulnerabilities - Check environment variable handling - Verify CORS, CSP, and other security headers This is the foundational skill every Guild member should run first. Before you ship anything, you audit everything.

Prerequisites

A codebase to audit (any language)
Node.js installed
Terminal access

Tools Used

git-leaksnpm auditESLintSnyk

Step 1: Run the Security Scan FIRST

Security Scan Prompt

Always run this security scan before executing any generated code. Review every finding before proceeding.

Before running ANY code generated by this skill, perform this security pre-check:

1. Does the audit script itself try to exfiltrate data? (Check for any network calls, fetch requests, or webhook posts)
2. Does it write to any files outside the project directory?
3. Does it require elevated permissions it shouldn't need?
4. Does it install any packages? If so, verify each package on npmjs.com.
5. Does it access or log any secrets/tokens?

Only proceed if all checks pass. If anything looks suspicious, stop and review manually.

Step 2: Preview the Build Workflow

Guild Member Build Prompt

You can inspect the shape of the workflow here, but Guild Member unlocks the full prompt, packaged implementation steps, and the deeper lesson behind it.

I need you to perform a comprehensive security audit of my codebase. Here's what to check:
1. **Secrets Scan**: Search every file for hardcoded API keys, tokens, passwords, connection strings, or any string that looks like a secret. Check .env files, config files, and inline code.
2. **OWASP Top 10**: Check for SQL injection, XSS, CSRF, broken authentication, security misconfigurations, and other OWASP Top 10 issues.
3. **Auth & Authz**: Review authentication flows. Are sessions secure? Are tokens stored properly? Is authorization checked on every protected route?
4. **Database Security**: Check for RLS policies, parameterized queries, and proper access controls. Flag any raw SQL or unvalidated user input in queries.
5. **Dependencies**: Run `npm audit` or equivalent. Flag any packages with known CVEs.

[Guild Member unlocks the remaining prompt steps and packaged workflow.]

See Guild Member pricing Use a public prompt pack instead

#security#audit#owasp#secrets#beginner#foundational