This is a PR review checklist that walks through OWASP Top 10 vulnerabilities with specific patterns for Python/FastAPI and React codebases. You get code-level checks for access control issues, SQL injection, weak crypto, insecure CORS configs, and JWT misconfigurations. The skill writes its findings to a markdown file with severity and line numbers. The examples are practical, like catching missing authorization dependencies or spotting `shell=True` in subprocess calls. It won't help with infrastructure security or incident response, just application code review. If your team reviews security-sensitive PRs and you want a structured audit pattern instead of ad hoc comments, this gives you the run-through.
npx skills add https://github.com/hieutrtr/ai1-skills --skill code-review-security