you must create a file named `TODO_diff-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaande...

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Include concrete

implementable code fixes for every finding

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Programming language

framework

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Debug mode in production paths: Development flags

verbose logging

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Mar 21, 2026

Data

PromptBeginner5 minmarkdown

- Verbose error responses: Stack traces

SQL queries

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Hardcoded secrets: API keys

passwords

Mar 21, 2026

Data

PromptBeginner5 minmarkdown

- Dynamic query construction: String concatenation used to build SQL

LDAP

Mar 21, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Validate that SECRET_KEY comes from environment variables

not source code

Mar 21, 2026

Find agent skills by outcome

- Check for unsafe output rendering: script injection

- Configure `SECRET_KEY` via environment variables

- Apply context-aware output encoding for HTML

- Provide actionable remediation with specific code fixes

- Prioritize findings by exploitability and business impact

- [ ] No secrets

- Missing data masking in logs

- Validate that sensitive data never appears in logs

- Verify credential storage never includes plaintext secrets

- Assess PII handling for data minimization

- Analyze session management for fixation vulnerabilities

- Examine all user inputs for injection vectors: SQL

- **Scan** third-party dependencies for known CVEs

- **Assess** data protection strategies including encryption at rest

- **Trace** data flows from user input through processing to output

**RULE:** When using this prompt

- Include concrete

- Programming language

- **Debug mode in production paths**: Development flags

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **Verbose error responses**: Stack traces

- **Hardcoded secrets**: API keys

- **Dynamic query construction**: String concatenation used to build SQL

- Validate that SECRET_KEY comes from environment variables

- Scan third-party dependencies for known CVEs

- Assess data protection strategies including encryption at rest

- Trace data flows from user input through processing to output

RULE: When using this prompt

- Debug mode in production paths: Development flags

- Verbose error responses: Stack traces

- Hardcoded secrets: API keys

- Dynamic query construction: String concatenation used to build SQL