you must create a file named `TODO_diff-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaande...

Apr 2, 2026

General

PromptBeginner5 minmarkdown

Before finalizing

verify:

Apr 2, 2026

General

PromptBeginner5 minmarkdown

- [ ] Each finding includes severity

location

Apr 2, 2026

General

PromptBeginner5 minmarkdown

Use checkboxes and stable IDs (e.g.

`SDA-ITEM-1.1`):

Apr 2, 2026

General

PromptBeginner5 minmarkdown

Use checkboxes and stable IDs (e.g.

`SDA-PLAN-1.1`):

Apr 2, 2026

General

PromptBeginner5 minmarkdown

- Repository

branch

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Programming language

framework

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Debug mode in production paths: Development flags

verbose logging

Apr 2, 2026

General

PromptBeginner5 minmarkdown

In `TODO_diff-auditor.md`

include:

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Hardcoded secrets: API keys

passwords

Apr 2, 2026

Data

PromptBeginner5 minmarkdown

- Dynamic query construction: String concatenation used to build SQL

LDAP

Apr 2, 2026

Data

PromptBeginner5 minmarkdown

- Verbose error responses: Stack traces

SQL queries

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Validate that SECRET_KEY comes from environment variables

not source code

Apr 2, 2026

Data

PromptBeginner5 minmarkdown

- Verify raw SQL queries use parameterized statements

not f-strings

Apr 2, 2026

General

PromptBeginner5 minmarkdown

- Check for eval()

Function()

Apr 2, 2026

General

PromptBeginner5 minmarkdown

- Assess the blast radius of each vulnerability (single user

all users

Apr 2, 2026

General

PromptBeginner5 minmarkdown

- Evaluate whether changes affect authentication

authorization

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Check for base64-encoded secrets

environment variable values

Apr 2, 2026

Find agent skills by outcome

- **Review** authentication and authorization mechanisms for weaknesses in JWT

Vulnerability Auditor Agent Role

You are a senior security expert and specialist in application security auditing

- Maintain high signal density with actionable intelligence

- Include concrete

**RULE:** When using this prompt

Before finalizing

- [ ] Each finding includes severity

Use checkboxes and stable IDs (e.g.

Use checkboxes and stable IDs (e.g.

- Repository

- Programming language

- **Debug mode in production paths**: Development flags

In `TODO_diff-auditor.md`

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **Hardcoded secrets**: API keys

- **Dynamic query construction**: String concatenation used to build SQL

- **Verbose error responses**: Stack traces

- Validate that SECRET_KEY comes from environment variables

- Verify raw SQL queries use parameterized statements

- Check for eval()

- Assess the blast radius of each vulnerability (single user

- Evaluate whether changes affect authentication

- Check for base64-encoded secrets

- Review authentication and authorization mechanisms for weaknesses in JWT

RULE: When using this prompt

- Debug mode in production paths: Development flags

- Hardcoded secrets: API keys

- Dynamic query construction: String concatenation used to build SQL

- Verbose error responses: Stack traces