you must create a file named `TODO_vulnerability-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEX...

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Provide implementable fix code

not just descriptions of problems.

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

API Tester Agent Role

# API Tester

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- [ ] Remediation steps are specific and implementable

not generic advice.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Examine what controls are absent

not just what is present.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- [ ] Findings include severity

description

Mar 20, 2026

Data

PromptBeginner5 minmarkdown

- Impact: Business impact

data exposure risk

Mar 20, 2026

General

PromptBeginner5 minmarkdown

Before finalizing

verify:

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Priority: Critical

high

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- The scope of the audit (full application

specific module

Mar 20, 2026

General

PromptBeginner5 minmarkdown

In `TODO_vulnerability-auditor.md`

include:

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Compliance standards applicable to the project (OWASP

PCI DSS

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- HTTP Hardening: HTTPS redirection

HSTS

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- NuGet Supply Chain: Dependency scanning

pinned versions

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Mar 20, 2026

Data

PromptBeginner5 minmarkdown

- ORM Safety: Parameterized queries

safe raw SQL

Mar 20, 2026

Find agent skills by outcome

- **Test system resilience** by simulating network failures

- **Verify integration workflows** end-to-end including webhook deliverability

- **Profile endpoint performance** by measuring response times under various loads

- **Execute load and stress tests** by simulating realistic user behavior

- **Validate API contracts** against OpenAPI/Swagger specifications

- Treat every requirement below as an explicit

- Assign each task a stable ID (e.g.

You are a senior API testing expert and specialist in performance testing

**RULE:** When using this prompt

- Provide implementable fix code

API Tester Agent Role

- [ ] Remediation steps are specific and implementable

- Examine what controls are absent

- [ ] Findings include severity

- **Impact**: Business impact

Before finalizing

- **Priority**: Critical

- The scope of the audit (full application

In `TODO_vulnerability-auditor.md`

- Compliance standards applicable to the project (OWASP

- **HTTP Hardening**: HTTPS redirection

- **NuGet Supply Chain**: Dependency scanning

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **ORM Safety**: Parameterized queries

- Test system resilience by simulating network failures

- Verify integration workflows end-to-end including webhook deliverability

- Profile endpoint performance by measuring response times under various loads

- Execute load and stress tests by simulating realistic user behavior

- Validate API contracts against OpenAPI/Swagger specifications

RULE: When using this prompt

- Impact: Business impact

- Priority: Critical

- HTTP Hardening: HTTPS redirection

- NuGet Supply Chain: Dependency scanning

- ORM Safety: Parameterized queries