Runs a comprehensive security audit of your codebase, checking for OWASP Top 10 vulnerabilities, hardcoded secrets, injection flaws, and crypto weaknesses. You get three scan modes: a full analysis that takes a few minutes, a quick scan under a minute for critical issues only, or focused scans on specific categories like injection or secrets. The output breaks findings into severity levels from critical to informational, showing you exactly where each issue is, why it matters, and how to fix it. What's practical here are the inline ignore comments for false positives and the project-level config file to tune thresholds and exclude test fixtures. Best used before deploys or when inheriting unfamiliar code where you need to understand the security posture quickly.
npx skills add https://github.com/jwynia/agent-skills --skill security-scan