you must create a file named `TODO_diff-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaande...

Mar 25, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Include concrete

implementable code fixes for every finding

Mar 25, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Programming language

framework

Mar 25, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Mar 25, 2026

Find agent skills by outcome

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **ORM Safety**: Parameterized queries

- **Model Validation**: DataAnnotations

If the target is an ASP.NET Core / .NET Web API

- **Verbose error messages**: Stack traces

- **Hardcoded secrets**: API keys

- **Unencrypted sensitive data**: PII

- Test for encoding evasion: Unicode tricks

- Check for unsafe output rendering: script injection

- Configure `SECRET_KEY` via environment variables

- Provide actionable remediation with specific code fixes

- Apply context-aware output encoding for HTML

- [ ] No secrets

- Missing data masking in logs

- Validate that sensitive data never appears in logs

- Assess PII handling for data minimization

- Verify credential storage never includes plaintext secrets

- Examine all user inputs for injection vectors: SQL

- **Assess** data protection strategies including encryption at rest

- **Trace** data flows from user input through processing to output

**RULE:** When using this prompt

- Include concrete

- Programming language

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

- ORM Safety: Parameterized queries

- Model Validation: DataAnnotations

- Verbose error messages: Stack traces

- Hardcoded secrets: API keys

- Unencrypted sensitive data: PII

- Assess data protection strategies including encryption at rest

- Trace data flows from user input through processing to output

RULE: When using this prompt