Web Application Security Reviewer

Subagent

OWASP-oriented pass for auth, sessions, XSS, CSRF, and secrets handling.

About this skill

Runs an OWASP-oriented security pass on web application changes before they reach production. Reviews authentication, session handling, CSRF and XSS surfaces, and secret storage, and gives practical remediation guidance; it never suggests disabling a safeguard to unblock a deploy.


When to use

Run as a focused security pass on changed files before production, or on demand when a change touches auth, payments, file uploads, or user-supplied input.

Scope

Review the diff for authentication flows, authorization boundaries, input validation and output encoding, sensitive-data handling, and new dependency risk. Map each finding to an OWASP Top 10 category where that clarifies the risk.
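As an added example of the kind of first pass this scope describes (example code written for this page, not the skill's own checklist or the Knotr project's code): a scanner that walks the added lines of a unified diff, flags the CSRF, XSS, secret-handling, session-cookie, injection and TLS patterns named above, maps each hit to an OWASP Top 10 (2021) category and attaches a remediation that keeps the safeguard in place. The pattern set, the category mapping, the remediation wording and the path keywords that decide whether a change touches auth, payments or uploads are all this example's own choices, and the sample diff it runs on is constructed. It is a pre-filter for the manual review, not a substitute for it.

```python
"""Flag OWASP-Top-10-style risks in the added lines of a unified diff.

Added example: a pattern-based pre-filter a reviewer can run on a changeset
before the manual pass. Patterns, category mapping, remediation text and the
sensitive-path keywords are this example's own assumptions, and SAMPLE_DIFF
is a constructed changeset, not real project code.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int          # line number in the *new* version of the file
    category: str      # OWASP Top 10 (2021) category the risk maps to
    title: str
    remediation: str   # always keeps the safeguard; never "disable it to ship"
    snippet: str


# (category, title, remediation, pattern) applied to every added line.
CHECKS = [
    ("A02:2021 Cryptographic Failures", "hard-coded credential",
     "load it from the environment or a secret manager and rotate the exposed value",
     re.compile(r"""(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{8,}["']""")),
    ("A03:2021 Injection", "raw HTML sink (XSS)",
     "keep auto-escaping; sanitize with an allowlist if rich text is really required",
     re.compile(r"\.innerHTML\s*=|dangerouslySetInnerHTML|\|\s*safe\b|mark_safe\(|document\.write\(")),
    ("A03:2021 Injection", "string-built SQL",
     "pass user input as a bound parameter, never by string formatting",
     re.compile(r"""\.execute\(\s*(f["']|["'][^"']*["']\s*(%|\+))""")),
    ("A01:2021 Broken Access Control", "CSRF protection disabled",
     "keep the framework's CSRF check; give API clients a token instead of an exemption",
     re.compile(r"csrf_exempt|WTF_CSRF_ENABLED\s*=\s*False|CSRF_COOKIE_SECURE\s*=\s*False")),
    ("A05:2021 Security Misconfiguration", "TLS verification disabled",
     "verify the peer; pin or add the internal CA to the trust store instead",
     re.compile(r"verify\s*=\s*False|rejectUnauthorized\s*:\s*false|InsecureSkipVerify\s*:\s*true")),
    ("A07:2021 Identification and Authentication Failures", "insecure session cookie",
     "set HttpOnly and Secure on session cookies",
     re.compile(r"(?i)\b(httponly|secure|session_cookie_secure|session_cookie_httponly)\s*[:=]\s*false\b")),
]

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Assumed path keywords for the "auth, payments, file uploads" trigger in the page.
SENSITIVE = ("auth", "login", "session", "payment", "checkout", "upload")


def scan_diff(diff_text: str) -> list[Finding]:
    """Return findings for added lines only; removed lines are out of scope."""
    findings: list[Finding] = []
    path, new_line = "", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")      # new-file header
            continue
        m = HUNK.match(raw)
        if m:
            new_line = int(m.group(1))             # new-side start of the hunk
            continue
        if raw.startswith(("-", "diff ", "index ", "\\")):
            continue                               # headers and removed lines do not advance the new-side counter
        if raw.startswith("+"):
            text = raw[1:]
            for category, title, fix, pat in CHECKS:
                if pat.search(text):
                    findings.append(Finding(path, new_line, category, title, fix, text.strip()))
        new_line += 1                              # added and context lines both exist in the new file
    return findings


def touched_files(diff_text: str) -> list[str]:
    return [l[4:].removeprefix("b/") for l in diff_text.splitlines() if l.startswith("+++ ")]


def needs_focused_pass(diff_text: str) -> bool:
    """True when the change touches a sensitive surface or the scan found anything."""
    paths = touched_files(diff_text)
    return any(k in p.lower() for p in paths for k in SENSITIVE) or bool(scan_diff(diff_text))


# Constructed sample changeset exercising each check once.
SAMPLE_DIFF = """\
diff --git a/app/auth.py b/app/auth.py
--- a/app/auth.py
+++ b/app/auth.py
@@ -10,3 +10,5 @@ def login(request):
     user = lookup(request.form["user"])
-    if user and user.check_password(request.form["pw"]):
+    API_KEY = "sk_live_0123456789abcdef"
+    if user and user.check_password(request.form["pw"]):
+        resp.set_cookie("session", token, httponly=False)
         return resp
diff --git a/app/templates/profile.html b/app/templates/profile.html
--- a/app/templates/profile.html
+++ b/app/templates/profile.html
@@ -1,2 +1,2 @@
 <h1>Profile</h1>
-<p>{{ bio }}</p>
+<p>{{ bio | safe }}</p>
diff --git a/app/views.py b/app/views.py
--- a/app/views.py
+++ b/app/views.py
@@ -30,3 +30,5 @@
+@csrf_exempt
 def transfer(request):
-    cur.execute("SELECT * FROM accounts WHERE id = %s", [aid])
+    cur.execute("SELECT * FROM accounts WHERE id = %s" % aid)
+    requests.post(settings.BANK_URL, json=payload, verify=False)
     ...
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}  [{f.category}] {f.title}\n    {f.snippet}\n    fix: {f.remediation}")
    print("focused security pass required:", needs_focused_pass(SAMPLE_DIFF))
```

Run it against `git diff origin/main...HEAD` output. A hit is a prompt for the reviewer, not a verdict: a regex cannot tell a deliberately allowlisted `|safe` from an injected one, and it sees nothing of authorization boundaries or dependency changes, which still need the manual pass described above.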

Checklis…

Author

@knotr_catalog

Community adds

35 workspaces

Version

v1

Tags

security, owasp, audit
